Today’s Edition: The ABCs of GDPR

The General Data Protection Regulation (GDPR) is considered to be the toughest privacy and security law in the world. Established in 2016 by the European Union (EU), GDPR emphasizes transparency, consent, and data security for organizations handling personal data.

Some things to note about GDPR:

  • GDPR grants individuals various rights, including the right to access their data, the right to be forgotten (data erasure), the right to data portability, and the right to object to the processing of their data.
  • Organizations must obtain explicit and informed consent from data subjects before processing their personal data. Consent can be withdrawn at any time.
  • Accountability is a huge part of GDPR, as it introduces significant fines for non-compliance. These penalties can be astronomical, as in the case of Meta. The media company was fined $400 million for its treatment of children’s data on Instagram, and then months later fined $1.3 billion for transferring the personal data of European Facebook users to servers in the United States.

Clearly, these regulations are no joke. Establishing GDPR compliance can foster a culture of responsibility and accountability within your organization, strengthening customer relationships and your reputation.

Check out the rest of today’s edition for all the resources you’ll need to get started on GDPR compliance.


GDPR: A Beginner's Guide

Because GDPR is such an expansive standard, it’s easy to get lost in the weeds. We’re covering all the fundamentals in this beginner’s guide, including what it is, why it matters, and how to become and stay GDPR compliant.

Common FAQs answered in this article:

  • What are some fines the EU has imposed on companies?
  • What are the seven principles of GDPR?
  • Who does GDPR protect?
  • What data is covered by GDPR?

Keep reading for answers to all these questions and more.


From Drata's Experts

GDPR Compliance Checklist

Our twelve-step GDPR checklist can help your organization stay compliant while protecting customers from cybersecurity threats and yourself from business risk.

Debunking the Top 5 GDPR Myths and Misconceptions

After numerous customer calls and questions around GDPR, we’ve picked some of the most common GDPR myths to dispel for you.

Data Protection Impact Assessment for GDPR: How To Do It Right

Learn more about GDPR’s data protection impact assessments and discover what you need to know to conduct one yourself.


Empowering Security and Compliance Automation in the Cloud at AWS re:Invent 2023

We’re going to AWS re:Invent! As the world's premier cloud conference, AWS re:Invent is the place to be for anyone who's passionate about cloud innovation, and we are looking forward to connecting with all of you as we delve into the heart of cloud technology.

We look forward to empowering more businesses to leverage the full potential of the cloud while maintaining the highest standards of security and compliance.

If you’re looking for us, we won’t be hard to find:

  • Trust Fleet: Look for the Trust Fleet with Drata branding to make your transportation to and from the event hassle-free.
  • Booth 1636: Experience hands-on demonstrations of our product and chat with our security and compliance experts.
  • Compliance and Coffee: Join us daily from 2 p.m. to 3 p.m. at our booth for a casual chat about compliance over a cup of coffee.
  • SentinelOne: Join us and SentinelOne, a cloud-based security endpoint solution that provides secure environments for businesses, at the hottest party in town to celebrate cloud innovation and network with like-minded professionals.

Check out this blog post covering all things Drata x AWS re:Invent.


Around the Web

President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence | The White House

Amazon launches European ‘sovereign’ cloud as EU data debate rages | CNBC

Why some US bank deposits are held up days after 'processing error' delayed 850,000 payments | Yahoo Finance

Data brokers are selling US service members’ secrets, researchers find | The Record


Troy's Takes: Expert Answers

Question: I can’t believe Meta was actually fined $1.3 billion dollars. Can you break it down for me?

Troy’s Take: The European Union is sending a message to the U.S. and they are doing it through Meta.

The EU fined Meta a record $1.3 billion and ordered it to stop transferring users’ personal information across the Atlantic.

An agreement covering EU-U.S. data transfers known as the Privacy Shield was struck down in 2020 by the EU’s top court, which said it didn’t do enough to protect residents from the U.S. government’s electronic surveillance.

Because a new transfer agreement was not in place between the U.S. and the EU and because Meta did not have sufficient supplemental measures in place to protect against U.S. government surveillance, the EU determined the transfer of data to the U.S. was unlawful according to the GDPR.

They also determined that Standard Contractual Clauses were not enough to provide supplemental protections.

Meta was also ordered to erase all data that was unlawfully transferred.

Meta will appeal the decision and the legal battle will continue for some time.

The EU and U.S. have been negotiating a new transatlantic data transfer agreement but negotiations are still ongoing. The main reason the EU won’t agree to the new agreement is due to the U.S. government’s surveillance laws.

This will surely cause Meta and other tech companies to pressure the U.S. government to get a new transatlantic data transfer agreement in place as quickly as possible.

For more industry insight (and some good compliance memes), visit Troy’s LinkedIn.


Secured Jobs

Sr GRC Program Analyst | Tesla | Austin, TX

Sr Cybersecurity Engineer - Identity & Access Management | Southwest Airlines | Dallas, TX

Director, Governance, Risk & Compliance (GRC) | WeWork | New York, NY


Helpful Resources

Trusted is currently published twice a month and is designed to share the latest resources from around the compliance, risk management, and cybersecurity space. If you have suggestions or would like to include a recent article or podcast, please let us know.

Secured, The Drata Community

Trusted: Share our newsletter with others

Upcoming webinars

Drata Customer Stories

