Variations in State Data Breach Disclosure Laws Complicate Compliance


In the constantly evolving security regulatory landscape, the new data breach notification laws are unwelcome news for businesses that are already struggling to keep up. For companies, these laws mean increased workloads and increased expenses. GDPR applies to all companies operating in Europe and to any business with a website or an app that processes the data of EU citizens. Failure to comply with the GDPR can result in substantial fines: up to €20 million or 4 percent of a company’s global revenue, whichever is higher.

Even though many elements are involved in meeting data breach disclosure requirements, incident response plays a central role. Incident response consists of pre-breach planning and post-breach action, both of which help organizations prevent and detect breaches, comply with data breach disclosure regulations, notify stakeholders within the required timeframes, and take sufficient remedial measures.

With the right processes, procedures and technology in place, incident response is key to understanding, remediating and communicating the details of a data breach. Being able to establish exactly what happened, what data was affected and how is the first and most important step toward meeting disclosure law requirements and complying with tight notification deadlines.

This article was originally published on Infosec Island. Read the entire article here.