GRC Report Staff

The Personal Information Protection Commission (PIPC), in collaboration with the Korea Internet & Security Agency (KISA), has announced the official launch of the Global Cross-Border Privacy Rules (Global CBPR) Certification System. Starting June 2, 2025, this new system will help businesses easily navigate the complex world of international data flows, allowing them to expand into global markets while prioritizing privacy.

ASIC Commissioner, Kate O'Rourke, recently took center stage at the Responsible Investment Association Australasia (RIAA) Conference, where she shared her insights on how ASIC is helping Australia’s financial sector navigate the growing importance of climate-related financial disclosures. While O'Rourke emphasized that these regulatory changes are big, she also clarified they are an opportunity for businesses to take charge of climate risk and show the market they’re ready for the future.

‍Vodafone is facing a €45 million penalty after the Federal Commissioner for Data Protection and Freedom of Information (BfDI), led by Prof. Dr. Louisa Specht-Riemenschneider, uncovered several significant data protection shortcomings. These issues, ranging from security flaws in its online systems to fraud committed by partner agencies, have put the telecom giant under scrutiny. Here's a deeper dive into the details, the actions taken, and what this means for the company going forward.

Anecdotes, an AI-powered Governance, Risk, and Compliance (GRC) platform, has announced the successful closing of its expanded Series B funding round, raising an additional $30 million to bring the total funding for the round to $55 million. The extended round was led by DTCP, following an initial $25 million raised from Glilot, Vertex, and Red Dot. With this latest infusion of capital, Anecdotes has now raised a total of $85 million to date.

Luxury fashion brand Cartier has confirmed a data breach after hackers gained unauthorized access to its systems, exposing a limited amount of customer information. The company issued a notification to affected customers, revealing that personal data, including names, email addresses, and countries of residence, had been compromised. However, Cartier assured that no more sensitive information, such as passwords or payment details, was exposed in the attack.

Lockheed Martin, one of the largest defense contractors in the world, has agreed to settle allegations under the False Claims Act by paying $29.74 million. This settlement addresses accusations of defective pricing practices in contracts related to the production and maintenance of its F-35 fighter jets. The settlement adds to the $11.3 million Lockheed Martin already paid to the Department of Defense (DOD) for similar pricing issues in these same contracts.

Compyl, a provider of unified Governance, Risk, and Compliance (GRC) solutions, has recently announced it has raised $12 million in a Series A funding round. The round was led by Venture Guides, with participation from existing investors including Contour Venture Partners, Armory Square Ventures, nvp capital, Alpine Meridian Ventures, Brooklyn Bridge Ventures, and Zelkova Ventures.