GDPR

ISO 27701 and GDPR Compliance: What You Need to Know

Can ISO 27701 guarantee GDPR compliance? ISO 27701 can position any organisation well for future GDPR compliance. While one is a management system and the other is technically a legal framework, ISO 27701 helps to create a path on your journey to GDPR.

Privacy Shield, GDPR and the New Standard Contractual Clauses: What You Need to Know

The ruling that the EU-U.S. Privacy Shield is no longer a valid data transfer mechanism under GDPR accelerated the timeframe for new SCCs, but there’s still work to be done. Here’s what you need to know to stay compliant. 

How HITRUST Certification Can Satisfy Your SOC 2, ISO 27001, and FedRAMP Requirements

The HITRUST CSF pulls from many major pre-existing frameworks to provide a complete, certifiable security standard.  Learn about the many different cybersecurity frameworks that can be incorporated into your organization’s HITRUST assessment to help streamline your approach to compliance.  

CPRA vs. CCPA: What’s the Difference? 6 Key Changes to Understand

Less than one year after the CCPA took effect, California passed another consumer privacy law: the CPRA. Here are six changes to help you understand the differences between CPRA and CCPA.

4 Miscellaneous HITRUST Regulatory Factors to Consider

Over the last few blogs, we have provided a comprehensive overview of the HITRUST landscape, from the authoritative sources at its core, to the optional regulations, or regulatory factors, that are commonly added on to a HITRUST assessment for industry-specific purposes.  

Privacy Shield and the GDPR: Inadequate Protection for Cross-border Data Transfers

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued a landmark judgement that Privacy Shield is “invalid” because it does not provide “adequate protection” under Article 45 of the General Data Protection Regulation (GDPR) for transfers of personal data of individuals located in the European Union to the United States.

ISO 27701 Streamlines Data Privacy, Incorporates GDPR and CCPA concepts into Certifiable Standard

Let A-LIGN guide your journey from Information Security Management System (ISMS) to Privacy Information Management System (PIMS)

The State of GDPR, One Year Later

Enacted on May 25, 2018, the General Data Protection Regulation (GDPR) shook up the privacy world by enacting some of the strongest consumer protection laws ever seen. Any industry that processes the personal data of European Union residents was affected, and the regulation was designed to force organizations to implement the appropriate processes to manage […]

GDPR: One Month Post Enforcement

On May 25, 2018, the General Data Protection Regulation (GDPR), aimed at enacting strong consumer protection laws, was enforced.
