Danielle Barbour

HIPAA, GDPR, and SOX Don’t Have an AI Exemption: What Compliance Officers Need to Know

by Danielle Barbour March 16, 2026March 16, 2026 | Regulatory Compliance

When AI assistants arrived in enterprise environments, something unusual happened in compliance programs: they were classified as tools, not as data access systems. The logic was intuitive — the AI...

Why DORA Changes Everything for EU Financial Institutions This Year

by Danielle Barbour March 13, 2026March 13, 2026 | Regulatory Compliance

The Digital Operational Resilience Act fundamentally reshapes how financial institutions across the European Union manage third-party risk, protect critical data flows, and demonstrate regulatory compliance. Unlike previous directives focused on...

How UK Banks Meet DORA Operational Resilience Requirements in 2026

by Danielle Barbour March 13, 2026March 13, 2026 | Regulatory Compliance

UK banks operating within the EU regulatory perimeter or serving EU customers face an environment where digital operational resilience has evolved from a technical concern into a regulatory obligation with...

What Belgian Financial Institutions Need to Know About NIS 2 Requirements

by Danielle Barbour March 13, 2026March 13, 2026 | Regulatory Compliance

Belgium’s financial sector operates under intensified cybersecurity obligations shaped by the NIS 2 Directive, which expands the scope of regulated entities, increases penalties for noncompliance, and enforces stricter accountability for...

Why Third-Party Risk Management Is Critical for Financial Services Compliance

by Danielle Barbour March 13, 2026March 13, 2026 | Third Party Risk

Financial institutions operate within an interconnected ecosystem where third-party vendors handle sensitive customer data, process transactions, and support critical operations. Every external relationship introduces compliance exposure, operational risk, and potential...

Kiteworks Advances to FedRAMP High In Process: One Step Closer to Full Authorization

by Danielle Barbour March 13, 2026March 18, 2026 | Regulatory Compliance

Kiteworks has advanced to FedRAMP High In Process status for its Secure Gov Cloud offering. This significant cybersecurity milestone, confirmed on March 12, 2026, positions Kiteworks as an active candidate...

What Qatar Financial Services Need to Know About Cross-Border Data Transfers

by Danielle Barbour March 10, 2026March 10, 2026 | Regulatory Compliance

Financial institutions in Qatar operate in a jurisdictional environment where cross-border data transfers involve multiple regulatory frameworks. Qatar’s data protection regime — established under Law No. 13 of 2016 on...

Can I Use a U.S.-Based Cloud Provider If My Data Must Remain Within the EU?

by Danielle Barbour March 9, 2026March 9, 2026 | GDPR Compliance

The short answer is: conditionally. A U.S.-based cloud provider with EU data centres is not automatically disqualified from hosting EU-resident data — but compliant use requires more than choosing a...

How Do Standard Contractual Clauses Address Data Sovereignty Concerns — and Where Do They Fall Short?

by Danielle Barbour March 9, 2026March 9, 2026 | GDPR Compliance

Standard Contractual Clauses SCCs are the most widely used mechanism for transferring EU personal data to third countries. They are also, since Schrems II, widely misunderstood — treated as a...

Why EBA Outsourcing Guidelines Demand Encryption Key Control

by Danielle Barbour March 9, 2026March 9, 2026 | Regulatory Compliance

The European Banking Authority’s outsourcing guidelines (EBA/GL/2019/02), which came into full effect in 2022, establish strict requirements for how financial institutions delegate technology services to third-party providers. Among these requirements,...