By Thor Olavsrud
Jan. 10, 2017
"The 72-hour notice requirement to E.U. authorities under the GDPR is going to put U.S.-based organizations in a difficult situation," says Dominic Paluzzi, co-chair of the Data Privacy & Cybersecurity Practice at McDonald Hopkins. "The upcoming E.U. law may just have the effect of expediting breach notification globally, although 72-hour notice from discovery will be extremely difficult to comply with in many breaches. Organizations' incident response plans should certainly be updated to account for these new laws set to go in effect in 2017."
"Clearly, the biggest challenge for businesses in 2017 will be preparing for the entry into force of the GDPR, a massive regulatory framework with implications for budget and staff, carrying stiff fines and penalties in an unprecedented amount," adds Omer Tene, vice president of Research and Education for International Association of Privacy Professionals. "Against a backdrop of escalating cyber events, such as the recent attack on Internet backbone orchestrated through IoT devices, companies will need to train, educate and certify their staff to mitigate personal data risks."
Experian predicts the lack of preparedness, and the high stakes involved, mean at least one U.S. multinational will take a significant hit to its valuation in 2017 due to an international data breach.
Experian recommends companies confront this threat by working to comply with the new rules, including "dry runs" to ensure they are properly prepared.