What was your reaction when you saw Meta was hit with a $413M GDPR fine?

Regulatory Compliance Governance, Risk & Compliance Data Privacy

1.8k views3 Comments

Co-Founder in Services (non-Government), 2 - 10 employees

personally didn't effect me ( probably) ,but it would be good to know the details

Senior Information Security Manager in Software, 501 - 1,000 employees

At this point, the least of their problems.
Firms often negotiate and can get them reduced.
In many, in the US, many regulatory fines are never collected.

Director in Manufacturing, 1,001 - 5,000 employees

Given the complexity of the GDPR law and operational requirements I wasn’t surprised. Perhaps what is more surprising is the companies that have not been fined. As we worked on compliance issues I often thought of working for a small USA based company with less compliance rules

Let’s see how many more companies get fined…. Probably a lot of fine revenue opportunities out there

1

Content you might like

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

Read More Comments

48.9k views133 Upvotes326 Comments

Over the past year, how has your use of audit/GRC software to enable collaboration within your tam and across the business changed?

Governance, Risk & Compliance

Increased46%

Not changed53%

Decreased1%

205 PARTICIPANTS

578 views

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data.

Security & GRC Regulatory Compliance

Head of Cyber Security in Manufacturing, 501 - 1,000 employees

I would say, DPO and Security team both shall be involved and work hand in hand.

Most of the time the legals and or DPO don't have the technical acumen to understand when data is floating to third party services.

Lets ...read more

910 views1 Comment

Do you have policy and procedure governing electronic communications, including chat channels/mechanisms such as We Chat or WhatsApp and Text messages given DOJ guidance to include third party messaging apps as an area to regulate? Are employees forbidden from using unapproved electronic communications channels or are you providing corporate accounts? Do you offer training? Do you monitor communications and audit compliance? Do employees acknowledge compliance with approved communication channels? What is retention period on communications?

Collaboration Solutions Data Privacy Regulatory Compliance

1k views

Cyber threat hunting is gaining momentum in the industry. If you are offering this as part of your advanced security services, which challenges are you experiencing?

Security & GRC Device Management Threat & Vulnerability Management +9 more

Poor efficiency of the detection and threat hunting solution (SIEM/SOAR, EDR solutions)49%

Too much time wasted on false positive alerts64%

Lack of security skills and defined processes46%

Not enough demand in the market6%

211 PARTICIPANTS

567 views1 Upvote