General Data Protection Regulation (GDPR)

Analyst Chat #118: A first look at the new Trans-Atlantic Data Privacy Framework

On March 25th, 2022 the European Commission and the US government announced a new agreement governing the transfer of data between the EU and the US. Mike Small and Annie Bailey join Matthias to have a first look as analysts (not lawyers) at this potential milestone for data privacy…

Analyst Chat #115: From Third-Party Cookies to FLoC to Google Topics API

Online tracking is a highly visible privacy issue that a lot of people care about. Third-party cookies are most notorious for being used in cross-site tracking, retargeting, and ad-serving. Annie Bailey and Matthias sit down to discuss the most recently proposed approach called…

Analyst Chat #108: Privacy and Consent Management

"Privacy and Consent Management" is an exciting topic in a continuously changing market. Annie Bailey has just completed her latest Leadership Compass, which researches this market segment. To mark the release of this document, she joined Matthias for an Analyst Chat episode where she…

Google Cloud Digital Sovereignty Announcement

On September 8th, 2021 Google and T-Systems announced their intention to build and deliver sovereign cloud services for German enterprises, the public sector, and healthcare organizations.  So, what are a sovereign cloud services and why does this announcement matter? Sovereign Cloud…

A First End to the Schrems II Limbo

Writing about legal topics is always a challenge. I am not a lawyer, but as an analyst and advisor, however, I almost inevitably encounter the implications of laws and current case law. Thus, this text describes only a personal assessment and is not intended to be, and should not be used as,…

Analyst Chat #79: DNS and Privacy

Your DNS server knows what websites you use, what the name of your mail server is, and which corporate services you use while working from your home office. And there are even broader challenges when it comes to protecting sensitive personal data in that context. Alexei Balaganski and…

Alan Bachmann: Bringing Accountability to the Digital Identity While Preserving Privacy and Security

Cloud Codes of Conduct Get the EU Green Light, but More Is Still Needed

Green Light On May 20th, 2021 it was announced that the EU Cloud Code of Conduct had received official approval by the Belgian Data Protection Authority, following the positive opinion issued by the European Data Protection Board.  At the same time, the European Data Protection…

Frances Zelazny: The Co-Existence of Biometric Identity, Consumer Privacy, and Digital Security

Analyst Chat #70: AdTech and Future Alternatives to 3rd Party Cookies

Annie Bailey and Matthias continue their conversation around privacy, targeted marketing and the end of the era of the 3rd party cookie, that they started two weeks ago. They discuss the characteristics and the pros and cons of upcoming approaches, while this technology area is still…

Analyst Chat #68: FloC and the Death of the 3rd Party Cookie

Tracking of users via 3rd party cookies has been a constant issue regarding compliance and user privacy. This is about to change, as 3rd party cookies are being more and more blocked in browsers like Firefox and Safari. And Google has announced the same step for Chrome in upcoming…

Privacy Compliance That Empowers Instead of Hinders

Protecting user privacy has become much more complicated as of late. Organizations must optimize consent rates while ensuring compliance with ever-changing global regulations and frameworks. They must look critically at their own processes to identify gaps or failures to meet privacy…

Interview on Privacy & Consent Management (Ian Evans, Managing Director at OneTrust)

KC Analyst Anne Bailey interviews Ian Evans, Managing Director at OneTrust, about privacy and consent management.

John Tolbert: Methodology

Anne Bailey: Market Overview

John Tolbert: Topic Overview - Challenges and Trends

Anne Bailey: Core Functionalities

Analyst Chat #43: Privacy and Consent Management

Anne Bailey and Matthias Reinwarth discuss the findings of the recently published Leadership Compass on Privacy and Consent Management.

Imagining Future Regulations on AI – Similarities to the GDPR?

There are ongoing discussions from high-level expert groups from the EU Commission about what regulation of Artificial Intelligence – particularly the algorithms that process data – will look like. There is a high priority to not only create alignment with the GDPR but to add…

Digital Identities & Healthcare IAM: Balancing Efficiency in Clinical Workflows and the Need for Security & Privacy

IAM infrastructure is becoming increasingly critical to the business success of healthcare providers. This is driven in the first instance by digitization and connectivity of everything and the inevitable efforts of cyber-criminals to compromise the newly connected assets. At the same time,…

CoronaApp: Time to Act Now, Not to Talk

Kuppingercole's Principal Analyst Martin Kuppinger gives his opinion on problems and arguments surrounding various apps for tracking the spread of the virus. And privacy is not the biggest challenge here...

Sep 13 - 16, 2021: European Identity and Cloud Conference 2021

The European Identity and Cloud Conference returns fully digitalized, reacting to the global pandemic. We have collected a lot of experience in virtual conferencing throughout 2020 to be able to offer you a safe and hygienic event experience – on-site, virtual, and hybrid.

What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the…

Applying the Information Protection Life Cycle and Framework to CCPA

The California Consumer Privacy Act (CCPA) became effective on January 1, 2020. Enforcement is slated to start by July 1, 2020. CCPA is complex regulation which does bear some similarities with EU GDPR. For more information on how CCPA and GDPR compare, see our webinar. Both regulations deal…

Mar 05, 2020: What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the same…

The Information Protection Life Cycle and Framework

The Information Protection Life Cycle (IPLC) and Framework describes the phases, methods, and controls associated with the protection of information. Though other IT and cybersecurity frameworks exist, none specifically focus on the protection of information across its use life. The IPLC…

Complying With PSD2: Everything You Need to Know

With the Revised Payment Service Directive (PSD2) coming into full effect this fall, banks and online retailers need to adapt to changes that carry with them many regulatory and technical challenges. Acknowledging these extensive changes, Germany’s Federal Financial Supervisory…

Akamai to Block Magecart-Style Attacks

Credit card data thieves, commonly known as Magecart groups, typically use JavaScript code injected into compromised third-party components of e-commerce websites to harvest data from shoppers to commit fraud. A classic example was a Magecart group’s compromise of Inbenta…

GDP R U Compliant?

Almost one and a half years after the introduction of GDPR (EU General Data Protection Regulation), some companies still struggle with implementing appropriate measures to deal with Personally Identifiable Information (PII) in a compliant fashion. Last week the Commissioner for Data…

Oct 29, 2019: Complying With PSD2: Everything You Need to Know

With the Revised Payment Service Directive (PSD2) coming into full effect this fall, banks and online retailers need to adapt to changes that carry with them many regulatory and technical challenges. Acknowledging these extensive changes, Germany’s Federal Financial Supervisory Authority…

Assuming High Criticality: Resilience, Continuity and Security for Organizations and Infrastructures

Acronyms are an ever-growing species. Technologies, standards and concepts come with their share of new acronyms to know and to consider. In recent years we had to learn and understand what GDPR or PSD2 stand for. And we have learned that IT security, compliance and data protection are key…

Leverage Enterprise Architecture to Achieve GDPR Compliance

Several measures have been undertaken by Organizations at various levels to comply with GDPR, most of which remain reactive, fragmented and largely ad-hoc. These controls are also not continuous in nature and therefore fail to satisfy ongoing compliance requirements. Organizational leaders…

Is Multilayered Cyber-Defense Out Already? Against Rising Breaches and Vulnerabilities, Data-Centric Security to the Rescue!

As the growing number of high-profile data breaches indicates, even the largest companies are still struggling with implementing consistent enterprise-wide information security measures. Setting up various security tools for numerous different applications, services, and heterogeneous…

Sustainable Data Management

Getting competitive advantage from data is not a new idea however, the volume of data now available and the way in which it is being collected and analysed has led to increasing concerns. As a result, there are a growing number of regulations over its collection, processing and use.…

The Foundation for GDPR Compliance and PI/PII Protection: Understand Where Data Resides and Who Processes It

The EU GDPR requires covered organizations to be able to account for and document how personal data is collected, processed and shared.  What many companies often fail to realize is that this data is not only stored in specialized and appropriately secured silos such as…

Jun 05, 2019: Leverage Enterprise Architecture to Achieve GDPR Compliance

Several measures have been undertaken by Organizations at various levels to comply with GDPR, most of which remain reactive, fragmented and largely ad-hoc. These controls are also not continuous in nature and therefore fail to satisfy ongoing compliance requirements. Organizational leaders…

May 23, 2019: Is Multilayered Cyber-Defense Out Already? Against Rising Breaches and Vulnerabilities, Data-Centric Security to the Rescue!

As the growing number of high-profile data breaches indicates, even the largest companies are still struggling with implementing consistent enterprise-wide information security measures. Setting up various security tools for numerous different applications, services, and heterogeneous…

Building Trust by Design

Trust has somehow become a marketing buzzword recently. There is a lot of talks about “redefining trust”, “trust technologies” or even “trustless models” (the latter is usually applied to Blockchain, of course). To me, this has always sounded……

Data Privacy & CX

Beyond the new data privacy regulations: how to improve customer understanding and the customer experience? When it comes to state-of-the-art sales and marketing, customer experience (CX) is a highly important topic. Creating and analyzing outstanding customer journeys while considering…

CCPA vs. GDPR: An Overview on Similarities and Differences

Over the last few years, the world has witnessed an increasing number of data breaches involving the credentials and PII of employees, citizens, and consumers. We've all experienced breach fatigue and/or been impacted by these losses.

Apr 02, 2019: The Foundation for GDPR Compliance and PI/PII Protection: Understand Where Data Resides and Who Processes It

The EU GDPR requires covered organizations to be able to account for and document how personal data is collected, processed and shared. What many companies often fail to realize is that this data is not only stored in specialized and appropriately secured silos such as databases. In fact,…

CCPA: GDPR as a Catalyst for Improving Data Protection Outside the EU

It wasn't too long ago that discussions and meetings on the subject of digitization and consumer identity access management (CIAM) in an international environment became more and more controversial when it came to privacy and the personal rights of customers, employees and users. Back then…

Feb 12, 2019: CCPA vs. GDPR: An Overview on Similarities and Differences

Over the last few years, the world has witnessed an increasing number of data breaches involving the credentials and PII of employees, citizens, and consumers. We've all experienced breach fatigue and/or been impacted by these losses.