GDPR breach notification: Time to focus on the requirements
This article is part of the Information Security magazine issue of February 2018, Vol. 20, No. 1
As U.S. companies scramble to meet the European Union's General Data Protection Regulation, security professionals question whether they can implement changes in time for the May 25, 2018, deadline. It's not clear whether they have the tools and processes in place to properly respond to the 72-hour GDPR breach notification requirement.

"I think the 72-hour time period is a really quick turnaround," said Bob West, CEO of consultancy Echelon One. "Even many of the banks I worked with on this were in a reactionary mode. And if the banks are reactionary, think about everyone else."

The mandatory 72-hour GDPR breach notification period has security professionals concerned because the U.S. has no national data breach notification requirement, and the hodgepodge of 48 state laws that exist typically require notification within 30 to 45 days. With potential sanctions and fines of up to $20 million or 4% of global revenue, companies are on alert.

GDPR replaces the Data Protection Directive of 1995. The GDPR breach notification ...
Features in this issue
What's on the short list for enterprise cybersecurity programs in the coming year? As attack vectors increase -- think IoT -- we ask information security leaders to discuss their plans.
The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector.
Some large U.S. companies have been working behind the scenes on GDPR requirements for more than a year, but there's strong evidence that many have not been as diligent.
Columns in this issue
Smaller companies -- with fewer than 5,000 employees -- in particular may be hit hard by GDPR requirements and other data compliance hurdles. A new report does the math.
Cohen is a globally recognized expert in information protection and cybersecurity. Since coining the term 'computer virus,' he has remained a pioneer in information assurance.