US relationship status with GDPR: It’s complicated

By Chad Hemenway on October 5, 2017

The time for US companies to get ready for the EU’s General Data Protection Regulation is now and it’s all hands on deck.

“Who shouldn’t?” answered Liz Walker when asked who within an organization should prepare for the directive, which will transform how businesses process and handle data. It is scheduled to go into effect May 25, 2018.

“This isn’t just a legal department or compliance issue, or a risk management issue,” said Walker, head of enterprise risk and global insurance at Groupon Inc., during a recent Advisen webinar sponsored by CyberScout. “This is going to touch every aspect of your business.”

Large businesses especially tend to be siloed but companies “can’t afford not to break down those silos because it won’t matter when it comes to an investigation or regulatory action. This truly is on everyone,” Walker said.

Download the GDPR compliance infographic.

Lisa Berry Tayman, CyberScout’s senior privacy and information governance advisor, said preparation for the GDPR will “force groups who have not worked together to work together.” She said the entire organization needs to understand how data is collected, received, moves throughout the organization, and transferred.

Tayman said her current role is consultant to a number of organizations who process personal data or act as controllers. The approach right now is that of rapid assessment, prioritizing actions if needed and getting boots on the ground to get the framework supported.

Unraveling, understanding, and assessing the effect of the regulation is a “large undertaking,” said Walker. Aside from compliance issues, Walker has looked to mitigate the risk with insurance but has found coverage could be tricky. A policyholder could find potential coverage with a cyber policy but they are typically triggered by a breach, but fines and penalties related to GDPR can be levied without a breach.


This story in an excerpt of the original. The content originally appeared in Cyber Front Page News.
To read the full story, you must be a subscriber. If you are a subscriber, check your email for Cyber Front Page News on October 5, 2017.

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].