Large US firms may be among the first targets of EU regulators once the General Data Protection Rule goes into effect. (Editor’s Note: this blog post first appeared on Digital Guardian’s Digital Insider blog. You can read the full post here. )
U.S. firms that think they’re immune to the requirements of the EU’s new General Data Protection Rule (GDPR) may have a surprise coming: they may be among the first targets of EU regulators when the law takes effect, according to a panel of security and policy experts.
U.S. firms will almost certainly be in the sights of EU regulators come May, 2018, when GDPR provisions governing the protection of customer and employee data take effect, said Ari Schwartz, the Managing Director of Cybersecurity Services at Venable, and former special assistant to the President and Senior Director for Cybersecurity in the Obama Administration.
“Will they target US companies? Yes,” Schwartz said at a roundtable discussion of GDPR in Boston on November 28.
Other experts agreed, saying that US companies with a high profile in the EU but lax data protection practices could be among the first targets, especially in light of major breaches at US firms like Equifax and Uber that also have large footprints in the EU.
Regulators may set their sights on a few, prominent US firms to make an example of them, said Marc French, the Chief Trust Officer at the firm Mimecast. Enforcement actions are unlikely in May, when the law takes effect, but could come before the end of 2018, he said.
Read the full post on Digital Guardian’s Digital Insider blog.