Today’s Edition: Building Confidence in the Cloud With Data Privacy

Nearly 46% of consumers surveyed feel that they’re unable to effectively protect their personal data.

These breaches often result from inadequate security measures, highlighting the urgent need for businesses to prioritize robust data protection strategies. Establishing and maintaining a strong data privacy framework not only ensures legal compliance but also fosters customer confidence, loyalty, and a resilient business environment in the face of evolving cybersecurity threats. 

As businesses navigate the complexities of the digital era, prioritizing data privacy is not just a legal requirement but a strategic imperative for long-term success.

Check out the rest of today’s edition all about the ins and outs of data privacy. 👇

Data Privacy vs. Data Security: Understanding the Difference and Overlap

Data privacy and data security. Are you confident that you’re handling both well within your organization?

The reality is, these are two phrases that go hand in hand, but they actually mean different things. Here’s a quick glimpse:

Key Similarities:

• Help protect data
• May require adherence to similar regulations
• Necessary to build a robust data policy

Key Differences:

• Data privacy focuses on individuals and their rights to protect their personal information from being used by companies and governments without consent.
• Data security protects against unauthorized access to sensitive information by employees, bad actors, or malicious software. 

Keep reading for your crash course on data privacy versus data security.

From Drata's Experts

GDPR Compliance Checklist: How to Become Compliant

Our twelve-step GDPR checklist can help your organization stay compliant while protecting customers from cybersecurity threats and yourself from business risk.

CCPA Compliance 101: Everything You Need to Know

Is your business CCPA and CPRA compliant? Learn everything you need to know about CCPA compliance with this guide.

7 Tips to Manage Data Privacy With a Lean Team

Many organizations rely on one or two people for all data privacy responsibilities. This article shares seven tips on prioritizing your initiatives.

Compliance Uncomplicated Episode 5: An InfoSec Perspective to Digital Security Success With Nemean Services

Nemean Services’ Information Security Manager, Max Glynn, discusses digital asset security, continuous compliance, and leading a company to information security success in the fifth episode of Drata’s Compliance Uncomplicated podcast.

Here’s a quick glimpse at what Max considers the keys to information security success:

• Stress comes with the territory
• Overkill is better than underkill
• Be a constructive voice, not a “no” voice
• Teamwork makes security
• Keep people engaged with clear communication
• Have a growth mindset

Check out the full recap here.

Around the Web

Google expands minimum security guidelines for third-party vendors | CSO

Staples Hit by Cyberattack, Temporarily Halts Online Order Processing | PC Mag

OpenAI taps former Twitter India head to kickstart in the country | Tech Crunch

Troy's Takes

Question: Can you explain how the European Union (EU) is using the Decision vital Markets Act (DMA) to ensure fair business practices with social media platforms?

Troy’s Take: July 3rd marked an important milestone for the DMA. It was the deadline for large, systemic platforms to notify the European Commission if they meet the thresholds to qualify as gatekeepers under the DMA. 

Unsurprisingly, the companies who declared meeting the thresholds include Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft, and Samsung (though it is surprising that Twitter did not meet the criteria and did not declare).

📌 Obligations for Gatekeepers: Examples of obligations gatekeepers must comply with include:

• Allowing third-party interoperability in certain situations.
• Granting business users access to the data they generate on the platform.
• Providing tools for independent verification of advertisements hosted on the platform.
• Allowing business users to promote offers and conclude contracts outside the platform.

📌 Prohibitions for Gatekeepers: Examples of prohibitions gatekeepers must adhere to include:

• Treating their own services more favorably in rankings compared to similar services from third parties on the platform.
• Preventing consumers from linking to businesses outside their platforms.
• Restricting users from uninstalling pre-installed software or apps if they wish to do so.
• Tracking end users outside the platform for targeted advertising without obtaining effective consent.

Read the full post (and find some good compliance memes) on Troy’s LinkedIn.

Secured Jobs

Chief Information Security Officer | BeyondTrust | Remote

Sr GRC Program Analyst | Tesla | Austin, TX

Senior Cybersecurity Technical Specialist | Disney Parks, Experiences and Products | Anaheim, CA

Helpful Resources

Trusted is currently published twice a month and is designed to share the latest resources from around the compliance, risk management, and cybersecurity space. If you have suggestions or would like to include a recent article or podcast, please let us know.

🗣 Secured, The Drata Community

↘️ Trusted: Share our newsletter with others

🎥 Upcoming webinars

😎Drata Customer Stories