Episodes

  • A Compliance Roadmap for ADS/ADMT-Part 2: Understanding Opt-In and Opt-Out Requirements
    2025/10/14
    Welcome to a special series on Life with GDPR. Over the next five episodes, Tom Fox and Alyssa DeSimone, a legal/compliance & risk management expert with an extensive background in HR, will discuss the complex topic of a Compliance Roadmap for ADS/ADMT. In this second episode, Tom Fox and Alyssa DeSimone review the opt-in and opt-out requirements introduced in the recent updates to the California Consumer Privacy Act (CCPA). They discuss what opting in and out entails, the concept of anti-retaliation in this context, and how disparate impact analysis can help regulators assess compliance. Additionally, they explore the importance of clear communication and training for HR departments on the use of AI in hiring, and the role of vendors in ensuring compliance. The episode wraps up with a discussion on the ambiguous term 'significant decision making' and its potential for litigation. Key highlights: Understanding Opt-In and Opt-Out Requirements; Anti-Retaliation Measures; Disparate Impact Analysis; Applicant Rights and Training; Vendor Collaboration and Compliance; Significant Decision Making. Life with GDPR was recently honored as a Top Data Security Podcast.
    19 min
  • A Compliance Roadmap for ADS/ADMT - Part 1: Introduction & Jurisdiction
    2025/10/13
    Welcome to a special series on Life with GDPR. Over the next five episodes, Tom Fox and Alyssa DeSimone, a legal/compliance & risk management expert with an extensive background in HR, will discuss the complex topic of a Compliance Roadmap for ADS/ADMT. In this first episode, we break down the essentials of ADS/ADMT, focusing on who is covered, the nuances of jurisdiction, and the broader business implications of evolving employment laws. ADS is an automated decision system, and ADMT is an automated decision-making technology. Whether you are an HR professional, compliance professional, or legal eagle, this discussion will help you navigate the complexities of compliance in a changing legal landscape. Key highlights: What is ADS/ADMT? Applies to 5+ employees (including part-time/out-of-state). Coverage limits for out-of-state conduct. Jurisdiction can reach beyond California. Risk mitigation tips for businesses.
    17 min
  • Endpoint Security and Data Protection: Uncovering the Hidden Compliance Risks in Printer Security with Jim LaRoe
    2025/10/09
    Jonathan Armstrong remains on assignment. Today, Tom Fox visits with fellow Texan Jim LaRoe, CEO of Symphion, to discuss data privacy, data protection, and compliance related to printer security in one of the most interesting podcasts Tom has done in some time. Jim provides insight into how 20-30% of network endpoints are printers, and alarmingly, 99% of these are unprotected. Printers, despite being integral to business functions, are typically left vulnerable, making them prime targets for sophisticated phishing and cyber-attacks. Jim shares his journey from a trial lawyer to founding Symphion in 1999 and explains Symphion’s groundbreaking work in developing comprehensive security software for printers. Jim highlights the importance of a culture of compliance in managing endpoint security and the multifaceted challenges that come with securing printers. He emphasizes the collaborative effort needed among GRC compliance teams, IT, and supply chain departments to manage printer security effectively, and offers actionable steps for businesses to mitigate these risks.
    25 min
  • From IT to Total Compliance Tracking with Adam Goslin
    2025/10/02
    Jonathan Armstrong remains on assignment. Today, Tom visits with Adam Goslin, founder of Total Compliance Tracking, to discuss his journey from IT development and management to becoming a leader in the security and compliance sector. Adam shares his professional background, the challenges he faced with achieving PCI compliance, and the insights that led him to create a system to streamline compliance management. He details how his company, TCT, helps organizations manage various certifications and compliance standards efficiently. Adam also discusses the unique, direct marketing approach TCT employs and shares the philosophy behind providing accessible compliance resources. This conversation offers valuable perspectives on the importance of pragmatic, user-friendly compliance solutions. Key takeaways: Adam Goslin's Professional Journey; Founding Total Compliance Tracking; Marketing Strategy and Philosophy; Future of TCT and Industry Insights.
    21 min
  • Navigating GDPR in Global Outsourcing with Inge Zwick
    2025/07/24
    Tom Fox takes a solo turn as Jonathan Armstrong is on assignment. Today, Tom visits with Inge Zwick, Executive Director, Head of Europe, and ESG Lead at Emapta Global, a global outsourcing company. They discuss the company’s operations, with a particular focus on managing GDPR compliance within the outsourcing framework. They also discuss common misconceptions about outsourcing under the GDPR, risk assessment processes, handling data subject access requests, and integrating compliance into business operations. Zwick also shares insights into how EMAPTA collaborates with clients to ensure compliance and offers advice to business leaders on future-proofing their outsourcing strategies in light of GDPR requirements. Additionally, the discussion explores the integration of ESG initiatives within the company’s operations. Key takeaways: Outsourcing and GDPR Compliance; Risk Assessment and Data Security; Subject Access Requests (SAR); Outsourcing Contracts and GDPR Obligations; Integrating Compliance into Operations.
    23 min
  • AI in Recruitment: Navigating GDPR Compliance and Challenges
    2025/04/10
    Tom Fox and Jonathan Armstrong, renowned cybersecurity experts, co-host the award-winning Life with GDPR. This episode explores the complex intersection of AI and recruitment, focusing on compliance challenges under GDPR and potential risks. Jonathan highlights that AI is often more prevalent in recruitment processes than many compliance officers realize, often through third-party vendors. He discusses the regulatory landscape in the UK and EU, sharing insights on recent cases related to automated decision-making and the transparency required for such systems. Jonathan offers a seven-point plan for organizations that use or are considering using AI in recruitment, covering provider selection, due diligence, transparency obligations, and mechanisms for handling data subject requests. The conversation underscores the need for proactive engagement between data protection officers, compliance teams, and recruiters to ensure that AI tools are used responsibly and transparently. Key takeaways: AI in Recruitment: An Overview; Legal and Ethical Concerns; Transparency and Fairness in AI Decisions; Practical Steps for Companies; Future of AI in Recruitment.
    17 min
  • Cookie Compliance
    2025/03/27
    Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, we discuss Cookie Compliance Under GDPR. Their discussion highlights the increasing enforcement actions surrounding cookies on websites, emphasizing that this is not only a data protection issue but also a wider compliance challenge. Specific case studies, such as the Dutch regulator's fine against Pool Blue and fines in other EU countries, illustrate the significant financial penalties companies can face for non-compliance. Jonathan outlines an eight-point plan to help organizations ensure their cookie practices are up to date, including regular checks, proper configuration of cookie banners, and transparency about data retention periods. The episode also touches on the role of third-party cookies, potential litigation, and regulatory actions. Compliance with cookie regulations is becoming increasingly important, with groups like NOYB driving a significant number of complaints and regulatory bodies across Europe ramping up enforcement efforts. Listeners are encouraged to assess their own cookie practices and make necessary adjustments to avoid fines and maintain compliance. Key takeaways: The Rise of Cookie Enforcement; Global Fines and Consequences; Practical Compliance Tips; Challenges with Cookie Banners; Understanding Your Own Cookies; Guidelines for Cookie Retention.
    18 min
  • Navigating CCO and CISO Liability Trends
    2025/02/06
    Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. This episode discusses the complex topic of liability for the Chief Compliance Officer (CCO) and Chief Information Security Officer (CISO). Tom and Jonathan begin by examining notable cases like Joe Sullivan, the former CISO at Uber, who faced prosecution for mishandling a ransomware threat. They also cover other significant cases like Carlos Abarca from TSB Bank and Tim Brown from SolarWinds, highlighting the increasing trend towards personal liability among high-ranking compliance and security officers. Jonathan points out that prosecutors and legislators focus more on individual accountability, driven by the belief that this approach will encourage others to adhere to standards more rigorously. They explore the implications of misleading LinkedIn profiles and the importance of thorough due diligence when taking on new roles. The episode provides practical advice for C-suite executives to protect themselves, including negotiating indemnity clauses and ensuring accurate job descriptions. Key takeaways: Chief Compliance Officer Liability Overview; Case Studies: Joe Sullivan and Uber, Carlos Abarca and TSB Bank, and Tim Brown and SolarWinds; Legislation and Trends in Personal Liability; SEC Formula for CCO Liability.
    24 min