Coming Soon: Coordinated Pan-European Enforcement of the ‘Right to Erasure’

TLDR: The EDPB is launching its 2025 Coordinated Enforcement Framework, focusing on the ‘Right to Erasure’ under the GDPR and engaging 32 European DPAs. Organizations face intensified scrutiny of their compliance and need to improve their erasure request processes and overall GDPR compliance to mitigate risk.

https://ogletree.com/insights-resources/blog-posts/coming-soon-coordinated-pan-european-enforcement-of-the-right-to-erasure/

Is Your Website Ready for the European Accessibility Act?

TLDR: The European Accessibility Act mandates that businesses provide digital access for people with disabilities by June 28, 2025, or face penalties. Compliance includes ensuring websites are perceivable, operable, understandable, and robust. North American companies doing business in the EU must also adhere to these standards. Early action is crucial for compliance through effective planning, automation, and integration of accessibility tools to tap into the potential of the $13 trillion disability market while avoiding fines and market access loss.

https://www.cmswire.com/digital-experience/what-digital-experience-leaders-need-to-know-about-the-european-accessibility-act/

Human Rights Are Universal, Not Optional: Don’t Undermine the EU AI Act With a Faulty Code of Practice

The EU AI Act, effective August 2024, mandates a Code of Practice for AI developers, but current drafts weaken human rights protections by making risk assessments optional for many categories, including fundamental rights and discrimination. This change, influenced by corporate interests, jeopardizes rights amid widespread AI use. International standards emphasize risk assessments for human rights, highlighting a disconnect between the Code and global norms. The draft needs revisions to align with robust protections for human rights to maintain the EU's leadership in AI governance.

https://www.techpolicy.press/human-rights-are-universal-not-optional-dont-undermine-the-eu-ai-act-with-a-faulty-code-of-practice/

Credential Stuffing as a Service (CSaaS)

CSaaS is a cybercrime model in which attackers use stolen credentials at scale to gain unauthorized access. It makes attacks easy for criminals, who leverage stolen data against multiple accounts, and it is a growing threat in the security landscape. Users are urged to enable 2FA and use unique passwords.

Top Tips for SMEs Navigating GDPR and Data Protection in the UK

TLDR: SMEs in the UK should simplify GDPR compliance by understanding data use, ensuring transparency, clarity, and accountability in data handling. Key steps include: 1) Know the data collected and its purpose; 2) Follow core data protection principles; 3) Assess AI tool risks proactively; 4) Stay informed on evolving regulations. Embracing these practices early can simplify compliance and build trust, despite ongoing regulatory changes.

https://elitebusinessmagazine.co.uk/legal/commercial-law/item/top-tips-for-smes-navigating-gdpr-and-data-protection-in-the-uk

The Evolving Role of the CISO: From Security Expert to Strategic Leader

The CISO's role is shifting from technical expertise to strategic leadership amid growing cyber threats. CISOs face challenges like managing risk, regulatory compliance, and leveraging AI while ensuring cybersecurity. As digital ecosystems expand, a zero-trust approach is needed, addressing both technology risks and human error. Engaging staff and fostering a security culture are vital, as is adopting AI-native security solutions to protect data and comply with regulations. The industry's evolving landscape requires CISOs to enhance communication around cyber risk and adapt to maintain security across organizational structures.

https://www.intelligentciso.com/2025/03/27/the-evolving-role-of-the-ciso-from-security-expert-to-strategic-leader/

The Surging Demands on the CISO Role

CISOs must evolve beyond tech management to integrate into business strategy to ensure organizational resilience. They need to drive competitive differentiation and engage with stakeholders, demonstrating how cybersecurity investments enhance business value. As digital transformations introduce risks, CISOs should adopt three personas: entrepreneur, politician, and technocrat, to effectively contribute in strategic discussions. Their role is critical in sectors like healthcare and manufacturing, where cybersecurity directly impacts operational continuity and customer trust. Ultimately, CISOs must communicate the value of cybersecurity in driving growth and managing emerging risks.

https://www.grantthornton.com/insights/articles/advisory/2025/the-surging-demands-on-the-ciso-role

Cybersecurity Is NOT an Entry-Level Position

Summary: Cybersecurity lacks actual entry-level positions; roles often require specific expertise. Professionals argue that experience in IT, especially help desk roles, is essential for transitioning into cybersecurity. While some advocate educating newcomers, others suggest traditional paths through IT. Companies face challenges in training due to budget constraints, leading to reliance on existing employees for workforce development. The industry must clarify job expectations and support various entry points to attract diverse talent.

https://cisoseries.com/cybersecurity-is-not-an-entry-level-position/

Data Sovereignty in Focus as Europe Scrutinizes US Cloud Influence

Europe increasingly scrutinizes US cloud influence amid data sovereignty concerns, particularly after Trump’s election. Stricter EU regulations like GDPR, NIS2, and DORA aim to protect data, yet US laws such as FISA 702 and the CLOUD Act pose risks. US cloud providers have launched EU-compliant operations, but doubts remain about their ability to protect EU data from US access. EU organizations are advised to use local storage options to ensure data sovereignty.

https://blocksandfiles.com/2025/03/27/eu-data-sovereignty-and-trumps-usa/
