compliance
2 articles with this tag
What is PCI DSS — the security standard for handling credit-card data
PCI DSS (Payment Card Industry Data Security Standard) is the global industry standard for any business that stores, processes, or transmits payment-card data. It is maintained by the PCI Security Standards Council, which was founded by the major card brands, and the brands and acquiring banks enforce it through their merchant contracts. Its requirements include network segmentation and firewalling, protection of stored cardholder data (rendering the PAN unreadable by encryption, truncation, hashing, or tokenization; sensitive authentication data such as the CVV must not be stored after authorization), least-privilege access control, logging and monitoring, and vulnerability management. In practice the safest move is to avoid holding card numbers at all: hand card capture and processing to a compliant payment provider that returns a token in place of the PAN. That shrinks your assessment scope considerably, though it does not remove it entirely, since the pages and scripts that redirect to or embed the provider's form remain in scope.
What is GDPR — the EU's data-protection rules and breach-notification duty
GDPR (General Data Protection Regulation) is the EU's comprehensive rulebook for protecting the personal data of people in the EU, and it reaches businesses outside the EU that offer goods or services to EU users or monitor their behaviour. It requires a lawful basis for every processing activity (consent is one of six; contract and legitimate interest are more common in practice), a clearly stated purpose, data minimization, data-subject rights (access, rectification, erasure, portability), and notification of a personal-data breach to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to pose a risk to the people affected; where the risk is high, the affected individuals must be told as well. Serious violations carry fines of up to 20 million euros or 4% of worldwide annual turnover, whichever is higher. The technical gist: collect and hold only the personal data you need, protect it, and be able to detect a breach and report it quickly.