How Does GDPR Impact the Marketing Industry?

by Sarah Harvey / February 6, 2023

GDPR Implications for Marketing
What does GDPR mean for marketing? We’re worried that not enough business leaders and marketers have heard of GDPR or have prepared for this radical privacy law because of a common misconception that GDPR is for lawyers and information security teams. But GDPR is more than a data privacy law: GDPR is a mandate that affects how organizations market, collect, use, and store consumers’ personal data,…

Common Gaps in Vendor Compliance Management

by Sarah Harvey / June 13, 2023

Effective Vendor Risk Management
An effective risk management strategy includes a strategic process for assessing and monitoring vendor compliance. Some vendors go to great lengths to secure their services and processes, but others may leave you with consequences to pay. Vendors need to prove what they are doing to reduce risk to you and your customers. You’re putting a great deal of control into the vendors' hands, so managing vendor…

What is GDPR Personal Data and Who is a GDPR Data Subject?

by Sarah Harvey / December 16, 2022

Two of the most frequent questions asked about GDPR, especially from non-EU-based organizations, are: What is GDPR personal data? Who is a GDPR data subject? If you’ve been asking these questions but can’t seem to find a clear answer, you are not alone. The answer to these questions can determine whether or not GDPR applies to your organization and to what extent it applies. Let's take a closer look at…

PCI DSS Update: Version 3.2.1 Released

by Sarah Harvey / December 16, 2022

On February 1, 2018, nine new PCI DSS requirements went into effect. Four months later, the PCI Security Standards Council (SSC) published a minor revision to the PCI DSS. PCI DSS v3.2.1 replaces v3.2 and addresses effective dates and Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. Though PCI DSS v3.2.1 does not introduce any new requirements, let’s discuss the minor revisions made, when they…

What’s the Difference Between SOC for Cybersecurity and SOC 2?

by Sarah Harvey / June 14, 2023

Newest Addition to the SOC Suite
The AICPA recently added a new offering to its SOC suite: SOC for Cybersecurity. The difference between SOC 1, SOC 2, and SOC 3 has always been fairly clear-cut based on factors like internal control over financial reporting, the Trust Services Criteria, and restricted report use. Now, we have a new player in the game.
What’s the Difference Between SOC for Cybersecurity and SOC…