⚖️ DOJ’s Data Security Program enforcement heats up

📝Editor’s Note

The EU AI Act officially entered into force last week, setting the stage for stricter controls on AI use across all sectors. While most obligations won’t apply until 2026, companies using high-risk AI systems should already be reviewing their risk classification, documentation processes, and transparency practices. Early preparation will be key to avoiding penalties and disruptions later.

📊 Featured Analysis

DOJ’s Data Security Program enforcement heats up

A new Morgan Lewis report highlights that as of July 8, 2025, full compliance with the DOJ’s Data Security Program (DSP) is required. Established under Executive Order 14117 and effective April 8, 2025, the DSP places strict controls on U.S. sensitive personal and government-related data, especially in dealings with “countries of concern”. Transactions classified as “prohibited” or “restricted” face tight security prerequisites, and violations expose companies to penalties up to $368,136 or twice the transaction value, plus criminal charges including fines up to $1 million and 20 years in prison for willful breaches.

✅ Best Practice Spotlight

Compliance checklist for DSP readiness

• Identify and document any “prohibited” or “restricted” data operations.

• Update data transaction policies and vendor contracts.

• Ensure encryption, multi-factor authentication, and data minimisation in place.

• Provide staff training on DSP definitions and reporting responsibilities.

• Retain compliance records for at least 10 years for audit or enforcement reviews

🛠️ Tool of the Week

GDPR & CCPA Compliance Software

Vanta is a comprehensive compliance suite to streamline privacy law obligations across jurisdictions

• Automated data subject request workflows.

• Built‑in policy management and breach notification templates.

• Audit logs and compliance metrics dashboards.

• Vendor risk evaluation and third-party verification.

• Interactive training modules and regulatory update alerts

🌟 Leader Spotlight

GTC Consulting has been honoured by Pharma Tech Outlook as the Top Pharmaceutical Security & DEA Compliance Solution Provider 

GTC specialises in DEA compliance, controlled substance security, and risk management for pharmaceutical firms, offering audits, litigation support, and expert regulatory guidance. CEO Benjamin Mink noted their “battle‑tested experience helps clients fully understand risk,” underscoring the value of deep sector knowledge in safeguarding regulated data and operations.

📚 Recommended Reading

• COVID-19 Relief: Treasury Could Improve Compliance Procedures and Guidance for State and Local Fiscal Recovery Funds

• RegTech leaders explore AI's role in compliance

🗳️ Your Compliance Take

Here are the results of our Tuesday’s poll.

Showcase your brand/product/services in our newsletter and reach over 86,000 industry leaders in compliance! Contact us today to advertise with PlanetCompliance.