HITRUST builds GDPR into its data protection framework

HITRUST, an information security organization, is expanding its framework to include requirements from the General Data Protection Regulation (GDPR) and the Singapore Personal Data Protection Act (PDPA). The expansion aims to simplify global compliance for organizations operating on a global scale. HITRUST is also seeking recognition as a GDPR certification standard and is evaluating becoming an Accountability Agent under the APEC Cross Border Privacy Rules and Procedures for Processing programs. This move comes as the US government works on integrating risk management across all aspects of business.