The International Association of Information Technology Asset Managers (IAITAM) has warned that companies failing to start planning around the EU’s data protection requirements are in for a nasty shock.
The IAITAM said thousands of US firms that do business in Europe directly or online with European customers will need to clue up in order to deal with the regulations.
The association said that, in particular, IT asset managers need to revise the rules for data breach disclosures and data protection officers.
IAITAM chief executive, Barbara Rembiesa, said: “These are sweeping changes to how personal and corporate data is to be handled. They have far-reaching implications for many aspects of US businesses, particularly in terms of how information security is addressed.
“The days are long past when US businesses could worry only about complying with laws and rules in the US. Companies that fail to start planning now to deal with the GDPR requirements are going to be in for a real shock.”
Partner at legal firm Hunton and Williams, Bridget Treacy, said: “There are challenges ahead. A lot of companies will have their work cut out for them to be compliant in time.
“All organisations that have not done so already really have to start thinking in very pragmatic terms about what the GDPR means for the business and how they are going to handle their data assets, because two years is not much time.”
IAITAM said the changes the GDPR makes to the definition of a data breach are significant, and that an organisation experiencing a breach must report it within 72 hours of becoming aware of it.