A majority of CISOs report pressure from management to delay or withhold negative security disclosures, despite regulatory requirements and best practices demanding prompt transparency.
The CJEU ruled that GDPR fines are based on the total turnover of the economic entity (group), not on the individual company’s turnover, which applies to the maximum penalty; the actual fine-setting remains the task of supervisory authorities.