(With the Help of ChatGPT) In this article, the author provides three versions of a data retention policy that appears compliant with GDPR or NIST. After taking NACVA’s cybersecurity course, a student reached out to me asking for a Data Retention Policy template that would be compliant with the statutes and frameworks discussed in the course, such as the National Institute for Standards and Technology (NIST) Cybersecurity Framework or the EU’s General Data Protection Regulation (GDPR). I thought this may be a good question for large language models because the subject matter is old enough that there is a sufficiently…
-
-
From $600 to Over $1 Billion The EU General Data Protection Regulation (GDPR) and other data protection regulations apply to the smallest sole practitioner firm among us to the largest and each must take steps to implement a cybersecurity plan, to follow it, and to respond when an incident occurs. The failure to provide protection can result in fines. In this article, the author describes why Amazon and Google were fined under the EU’s GDPR. For the past five years, organizations have been dodging and weaving the myriad data protection regulations spawned from the EU’s General Data Protection Regulation (GDPR).…