After this lesson, you will be able to: Navigate GDPR/HIPAA/PCI-DSS audit processes and the consequences of non-compliance.
Voluntary frameworks (ISO/SOC 2) say 'if you want this badge, do these things'. Regulatory frameworks (GDPR/HIPAA/PCI-DSS) say 'do these things or face fines and lawsuits'. The teeth are different.
GDPR, covered in cs-dlp-06 (privacy, EU residents). HIPAA. US healthcare, PHI. PCI-DSS, anyone processing payment cards. Mandated by the card brands (Visa, Mastercard), not government, but contractually unavoidable.
1. Pre-audit gap assessment.
2. Remediation period.
3. Audit fieldwork (auditor reviews evidence).
4. Report drafted.
5. Annual recurrence (or quarterly for some frameworks).
GDPR, fines up to 4% global revenue. HIPAA, fines up to $1.5M/yr per category, criminal charges for willful neglect. PCI, fines $5K-$100K/month, eventual loss of ability to process cards = company death.
Fill in.
Sign in and purchase access to unlock this lesson.