Also outside of perhaps the EU, are there any legal enforcement mechanisms to hold them accountable for lying about it, if an audit showed that they were?
Also outside of perhaps the EU, are there any legal enforcement mechanisms to hold them accountable for lying about it, if an audit showed that they were?
Let’s see a company weasel out of iso27001 audit and explain their customers that they aren’t so much compliant anymore. That’s what is getting companies to stay within the lines and that should count as a punishment. Privacy authorities aren’t generally staffed enough to be a concern for the moment unless you are very unlucky.