█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Data Leakage Prevention/Compliance and Data Protection Regulations
40 minIntermediate

Compliance and Data Protection Regulations

After this lesson, you will be able to: Understand GDPR, CCPA, HIPAA at a working level and what each requires after a breach.

Once data leaks, the legal regime kicks in. GDPR (EU), CCPA (California), HIPAA (US healthcare) each define what counts as personal/protected data, how fast you must notify, and the financial penalties for failure.

Prerequisites:Insider Threats

GDPR essentials

Applies to any company processing EU residents' data. Six lawful bases for processing (consent, contract, legal obligation, vital interest, public task, legitimate interest). 72-hour breach notification to the supervisory authority. Fines up to 4% of global revenue.

💡 CCPA in one paragraph

California Consumer Privacy Act. Right to know what's collected, right to delete, right to opt out of sale. Applies to companies with $25M+ revenue or processing 100K+ Californians' data. Fines $2,500–$7,500 per violation.

HIPAA basics

US healthcare. Defines PHI (Protected Health Information). Privacy Rule (who can access), Security Rule (technical/physical/administrative safeguards), Breach Notification Rule (notify within 60 days, public posting if 500+ affected).

Breach notification flow (typical)

  1. 1

    1. Discover incident → activate IR plan.

  2. 2

    2. Determine: did personal/protected data leave?

  3. 3

    3. Lawyers calculate which laws apply (often multiple).

  4. 4

    4. Notify regulators within statutory window.

  5. 5

    5. Notify affected individuals.

  6. 6

    6. Public disclosure if scale crosses threshold.

Quick Check

How fast must you notify under GDPR?

Pick one: 24h, 72h, 7 days, 30 days.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Insider Threats
Back to Data Leakage Prevention
Data Leakage Prevention Resources and Next Steps→