Latest news with #GeneralDataProtectionRegulation
RTÉ News
2 days ago
- Business
- RTÉ News
Data protection watchdog moves to new Dublin headquarters
The Data Protection Commission (DPC) has moved to new headquarters in Dublin. The building project was commenced by the Office of Public Works in May 2023, and has brought together all of the DPC's Dublin-based staff into one office. The DPC said its new headquarters provides staff with a greatly improved, modern and collaborative work environment that will support the work it does both in Ireland and across the EU. Since the introduction of the General Data Protection Regulation (GDPR) in May 2018, the DPC has imposed fines of more than €4 billion on big tech firms. Just €20 million of that has been paid, as most of the rulings are under appeal. In May 2023, the DPC imposed a record fine of €1.2bn on Meta for breaches relating to the transfer of personal data from the EU to the US. Earlier this month, the DPC fined video-sharing platform TikTok €530 million over the transfer of the personal data of European users to China. The DPC's new headquarters was officially opened today at an event attended by the Taoiseach Micheál Martin and Minister for Justice Jim O'Callaghan. "As the DPC continues to play a leading role in European data protection, this new home will help us meet that responsibility with confidence and ambition," said Data Protection Commissioner Dr Des Hogan. His fellow Commissioner Dale Sunderland added that the new building is a reflection of how far the DPC has grown and developed as an organisation. "A decade ago, we were fewer than 50 people. Now, we're 275 strong and continuing to grow," Mr Sunderland said.
Yahoo
3 days ago
- Business
- Yahoo
Resecurity Unveils AI-Driven Compliance Manager at ISACA 2025 North America Conference
LOS ANGELES, May 29, 2025--(BUSINESS WIRE)--Resecurity, a leading U.S.-based cybersecurity and threat intelligence company, has officially launched its AI-driven Compliance Manager at ISACA 2025 North America Conference in Orlando, Florida. The cutting-edge solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with fast-changing global cybersecurity standards. The Compliance Manager delivers centralized visibility, automation, and expert-level guidance to ensure organizations stay audit-ready and resilient in the face of expanding data protection and information security regulations. The platform currently supports over 20 international and regional compliance frameworks, including: GDPR (General Data Protection Regulation - EU) SAMA (Saudi Arabian Monetary Authority) DORA (Digital Operational Resilience Act – EU) PDPL (Saudi Arabia) DPDPA (India) DPA (Philippines) CMMC (Cybersecurity Maturity Model Certification – U.S. DoD) NIS2 Directive (EU) RBI Cybersecurity Guidelines (Reserve Bank of India) PCI DSS v4.0.1 ISO/IEC 27001 NCA ECC (National Cybersecurity Authority's Essential Cybersecurity Controls – Saudi Arabia) To address increasing pressure from regulators and threats, Resecurity's solution introduces a "human-in-the-loop" AI architecture. This empowers cybersecurity leaders with GenAI-driven insights and adaptive compliance recommendations, tailored to evolving standards. The system maps controls, evaluates risk exposure, and enables real-time compliance monitoring — reducing manual workload and audit preparation time. "Regulatory landscapes are evolving faster than ever, and the cost of non-compliance can reach millions in penalties — not to mention reputational damage," said Gene Yoo, CEO of Resecurity. "With our Compliance Manager, we're arming CISOs with a smart, scalable assistant that not only monitors compliance but actively helps close gaps in real time." In some regions, penalties for non-compliance can exceed $10 million, or amount to 2–4% of annual global revenue, placing tremendous pressure on organizations to maintain continuous compliance. The Compliance Manager is fully integrated into the Resecurity platform, enabling unified threat, risk, and compliance (GRC) management under a single pane of glass. About Resecurity Resecurity® is a cybersecurity company that delivers a unified endpoint protection, fraud prevention, risk management, and cyber threat intelligence platform. Known for providing best-of-breed data-driven intelligence solutions, Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks. Founded in 2016, it has been globally recognized as one of the world's most innovative cybersecurity companies with the sole mission of enabling organizations to combat cyber threats regardless of how sophisticated they are. Most recently, by Inc. Magazine, Resecurity was named one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California. As a member of InfraGard National Members Alliance (INMA), AFCEA, NDIA, SIA, FS-ISAC, and the American Chamber of Commerce in Saudi Arabia (AmChamKSA), Singapore (AmChamSG), Korea (AmChamKorea), Mexico (AmChamMX), Thailand (AmChamThailand), and UAE (AmChamDubai). To learn more about Resecurity, visit View source version on Contacts Gene Yoopress@
Business Wire
3 days ago
- Business
- Business Wire
Resecurity Unveils AI-Driven Compliance Manager at ISACA 2025 North America Conference
LOS ANGELES--(BUSINESS WIRE)-- Resecurity, a leading U.S.-based cybersecurity and threat intelligence company, has officially launched its AI-driven Compliance Manager at ISACA 2025 North America Conference in Orlando, Florida. The cutting-edge solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with fast-changing global cybersecurity standards. The Compliance Manager delivers centralized visibility, automation, and expert-level guidance to ensure organizations stay audit-ready and resilient in the face of expanding data protection and information security regulations. The platform currently supports over 20 international and regional compliance frameworks, including: GDPR (General Data Protection Regulation - EU) SAMA (Saudi Arabian Monetary Authority) DORA (Digital Operational Resilience Act – EU) PDPL (Saudi Arabia) DPDPA (India) DPA (Philippines) CMMC (Cybersecurity Maturity Model Certification – U.S. DoD) NIS2 Directive (EU) RBI Cybersecurity Guidelines (Reserve Bank of India) PCI DSS v4.0.1 ISO/IEC 27001 NCA ECC (National Cybersecurity Authority's Essential Cybersecurity Controls – Saudi Arabia) To address increasing pressure from regulators and threats, Resecurity's solution introduces a 'human-in-the-loop' AI architecture. This empowers cybersecurity leaders with GenAI-driven insights and adaptive compliance recommendations, tailored to evolving standards. The system maps controls, evaluates risk exposure, and enables real-time compliance monitoring — reducing manual workload and audit preparation time. 'Regulatory landscapes are evolving faster than ever, and the cost of non-compliance can reach millions in penalties — not to mention reputational damage,' said Gene Yoo, CEO of Resecurity. 'With our Compliance Manager, we're arming CISOs with a smart, scalable assistant that not only monitors compliance but actively helps close gaps in real time.' In some regions, penalties for non-compliance can exceed $10 million, or amount to 2–4% of annual global revenue, placing tremendous pressure on organizations to maintain continuous compliance. The Compliance Manager is fully integrated into the Resecurity platform, enabling unified threat, risk, and compliance (GRC) management under a single pane of glass. About Resecurity Resecurity® is a cybersecurity company that delivers a unified endpoint protection, fraud prevention, risk management, and cyber threat intelligence platform. Known for providing best-of-breed data-driven intelligence solutions, Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks. Founded in 2016, it has been globally recognized as one of the world's most innovative cybersecurity companies with the sole mission of enabling organizations to combat cyber threats regardless of how sophisticated they are. Most recently, by Inc. Magazine, Resecurity was named one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California. As a member of InfraGard National Members Alliance (INMA), AFCEA, NDIA, SIA, FS-ISAC, and the American Chamber of Commerce in Saudi Arabia (AmChamKSA), Singapore (AmChamSG), Korea (AmChamKorea), Mexico (AmChamMX), Thailand (AmChamThailand), and UAE (AmChamDubai). To learn more about Resecurity, visit
Irish Examiner
3 days ago
- Business
- Irish Examiner
TikTok sues Ireland's data protection watchdog over €530m penalty from regulator
Tech giant TikTok has sued the Data Protection Commission in objection to a massive €530m penalty it received from the regulator earlier this month. The social media company lodged papers in the High Court on Tuesday for a judicial review against the DPC. Neither TikTok nor the DPC had responded to a request for comment at the time of publication. A judicial review relates to the courts reviewing the correctness or otherwise in law of a decision made by an organ of the State, be it a Government Department or a semi-state agency. The suit is understood to relate directly to the DPC's decision to hand the enormous fine to TikTok over the transfer of users' personal data from Europe to China. Issuing that decision on May 2, the DPC told the Chinese-owned firm that it had breached Europe's General Data Protection Regulation (GDPR) over the transfer of data to China and its own transparency requirements. The DPC said at the time that the fine — the second largest issued under GDPR in the DPC's history — had resulted from the company having 'failed to verify, guarantee and demonstrate that the personal data of European Economic Area users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU'. 'As a result of TikTok's failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards,' the DPC's deputy commissioner Graham Doyle said at the time. The administrative fine of €530m was accompanied by a direction requiring TikTok to bring its processing into compliance within six months. The company was also ordered to suspend transfers to China if the way it processes data is not brought into compliance over the same timeframe. Throughout the inquiry into TikTok the DPC had said that the company had maintained that it did not store data from users in the European Economic Area on servers located in China. In April, however, TikTok informed the DPC that it had discovered 'limited' European data had been stored on servers in China. The company said it had identified this in February. TikTok informed the DPC that this discovery 'meant that TikTok had provided inaccurate information to the inquiry'. Earlier this month the DPC said that it is taking recent developments regarding the storage of EEA User Data on servers in China 'very seriously'. 'Whilst TikTok has informed the DPC that the data has now been deleted, we are considering what further regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities,' Mr Doyle said at the time. In 2023, the Commission fined TikTok €345m after an investigation into how the platform processed children's data. Read More Limerick-based Carelon Global Solutions to close with loss of 300 jobs
Yahoo
3 days ago
- Business
- Yahoo
We're criticising GDPR for all the wrong reasons
'Simplify', 'Streamline', 'Scale back'. While EU communiqués often find creative ways to avoid uttering the word 'deregulation', this new European Commission is all about boosting the bloc's competitiveness by 'cutting red tape'. The intention to stimulate the continent's economy might be laudable, but there is a real risk of throwing the baby out with the bathwater. The Draghi Report, presented in September 2024, laid the foundation for a shake-up of one of the EU's crown jewels in digital regulation – the General Data Protection Regulation (GDPR). According to the report, certain regulations present 'overlaps and inconsistencies', leading to fragmentation. Draghi pinpointed GDPR as a particular source of headaches, thanks largely to its complexity, burdensome national implementation, inconsistent local enforcement, and disproportionately high compliance costs for small and medium enterprises compared to larger corporations. Now the whispers are over: GDPR now seems headed for the chop, much like sustainability reporting rules before it. Yet the world has changed dramatically in recent months, meaning many of Draghi's proposals are tailor-made for a context that no longer exists. Additionally, the US' disastrous DOGE experiment offers a stark cautionary tale of deregulation leading to chaos rather than efficiency. Legal institutions, after all, are complex systems designed for the critical purpose of protecting people's rights. Leer más: Robust rules are essential to guaranteeing clarity and transparency. Especially in the digital sector, setting clear guardrails is vital to containing both the excesses of tech oligarchs and the erraticism of their satellites-in-chief. Far from slashing red tape, the EU would be wise to take this opportunity to refocus its energies on delivering and enforcing better regulations. EU regulations are often cast as stifling the continent's innovation, but EU trade law professor Anu Bradford argues that this narrative is, at best, oversimplified. Europe's sluggish dynamism can instead be attributed to a wide range of structural issues, including a fragmented digital single market, underdeveloped capital markets, and harsh bankruptcy laws that punish failure rather than encourage experimentation. Looking beyond the fiscal level, European cultural attitudes tend to be more risk-averse, and the bloc lacks the proactive immigration policies needed to attract international tech talent. Experts have also clarified that if fragmentation truly impedes innovation, trimming regulation without serious harmonisation of domestic frameworks will achieve little. While regulation like the GDPR is often unfairly scapegoated for the continent's woes, it is not exempt from criticism. Consider the algorithmic management (AM) and AI systems that have steadily infiltrated workplaces in recent years. Recent OECD figures reveal that in France, Germany, Italy, and Spain, around 79% of managers across diverse sectors report that their firms already use AM software to hire, organise and monitor their workforces. Algorithms and AI are not just assisting managers either – in some cases they are replacing them altogether. This ushers in new risks, and entrenches or amplifies old, unresolved problems such as unfairness, opacity, incontestability, dysfunctionality and distrust. The boom in decision-making digital tools perfectly illustrates the GDPR's ambivalent role. On paper, it remains a gold-standard shield for personal data, including the data used to fuel Generative AI applications. Yet in practice, the GDPR struggles to fully address the challenges posed by machines making decisions, either independently or on behalf of human managers. In one recent study commissioned by the EU Directorate-General for Employment, Social Affairs and Inclusion, data protection frameworks are put under the microscope to see whether they can tame AM systems. The verdict was mixed, leaning towards pessimistic. While it is undeniable that the GDPR can be mobilised to limit data processing and avoid repurposing, most of its headline provisions have wide gaps when it comes to the workplace. The study flags the indeterminacy, ambiguity, and open-textured nature of the rules on automated decision-making, among other things. For instance, semi-automated decisions – hybrid systems with human intervention at the last stage of the executive chain – often slip beneath the radar, reducing the chances for workers to be informed about their existence and reasoning, or to have a real shot at contesting and changing their outcomes. In a similar vein, uncertainty about the interpretation of grounds for lawful processing and the application of the proportionality principle is leading to a patchwork of discordant decisions made by Data Protection Authorities. As the case law on data controllers' 'legitimate interest' shows, compliance risks becoming a postcode lottery. None of this should come as a surprise, as the GDPR was designed to be general, not workplace-specific. Nevertheless, its exceptions and loopholes disadvantage workers, and create uncertainties that affect companies. In a different season, institutions were contemplating the introduction of a work-specific instrument to govern algorithms, a proposition that was also included in the mission letter of Roxana Mînzatu, Executive Vice-President for Social Rights and Skills, Quality Jobs and Preparedness. The current deregulatory drumbeat, stimulated by the US fury against EU powers, has cooled that talk, but the idea is not dead. Workplace technologies are still largely governed by consumer-oriented data protection principles, even though employment contexts differ profoundly. Employers routinely collect sensitive data that extends managerial control into workers' emotional domains, and AM systems intensify these dynamics by automating decisions and generating detailed profiles. The persistent and asymmetrical nature of workplace surveillance undermines autonomy and erodes mutual trust. Unlike consumers, workers cannot meaningfully refuse these intrusive practices, making power imbalances more acute. Moreover, data harms are often collective, threatening solidarity and enabling anti-union practices. The Platform Work Directive (PWD) offers a ready-made compass to reorient action on workers' digital rights. Indeed, a whole chapter is devoted to fine-tuning the GDPR to better govern AM at work. As argued in a policy brief, several PWD provisions appear to be deliberately drafted to fill the gaps left by the omnibus framework. The PWD covers 'decisions supported by' algorithms (not just fully automated ones), extends workers' information and access rights, re-establishes a right to explanation, and bans robo-firing outright. It is, however, crucially limited, as its sectoral scope stops at the gig-economy's edge, leaving everyone else in the open. If the GDPR is not good enough for delivery couriers and click-workers, why is it still being applied to all other workers? Blaming the GDPR for Europe's growth woes makes for great clickbait, LinkedIn memes and after-dinner quips, but it ignores the real issues. Looser privacy rules will not fix our problems. On the contrary, a smarter framework for workers' digital rights could serve as a robust counterbalance, ensuring that AM operates as a tool for efficiency rather than unchecked command-and-control. By all means, critique the GDPR, but aim at the right target. Its abstract, transactional, individualistic DNA is ill-suited to the collective, lopsided reality of modern workplaces where employees' data feed into black-box AI systems. In those environments the answer is not to prune protections, but to reinforce them by clarifying legal bases, establishing red lines, hard-wiring collective rights, and closing the enforcement loopholes. Reform, yes. Regression, no. Este artículo fue publicado originalmente en The Conversation, un sitio de noticias sin fines de lucro dedicado a compartir ideas de expertos académicos. Lee mas: Outdated legal frameworks are a barrier to the EU's just transition – here's how we can fix them The EU's 'twin' green and digital transitions: a policy revolution, or just Euro-jargon? How the UK could monetise 'citizen data' and turn it into a national asset Antonio Aloisi no recibe salario, ni ejerce labores de consultoría, ni posee acciones, ni recibe financiación de ninguna compañía u organización que pueda obtener beneficio de este artículo, y ha declarado carecer de vínculos relevantes más allá del cargo académico citado.
