Complexity Increases Along With Underlying Security Threats

The European Union’s new data protection regulation, the General Data Protection Regulation (GDPR), goes into effect in May. This law is similar to some of the regulations emerging in various US states, like the New York State Cybersecurity Regulation, but in some cases goes further. It attempts to give Europeans control over their personal data. Any firm collecting European citizens’ data is subject to the regulation, including US multinational insurers. GDPR mandates the hiring of a data protection officer (DPO), much like the New York State Cybersecurity Regulation mandates a CISO. Insurers will be competing for DPOs with any company holding EU citizen data, which is virtually every company doing business in Europe.

The DPO is similar to a CISO in some important ways. DPOs will need to own data audits for compliance, train employees on data privacy, and serve as the point of contact for European regulators. Under NY State law, CISOs own the security program (defined broadly by NIST standards), act as the point of contact for the NY Department of Financial Services (DFS), and own the security education programs in their firms. As with CISOs in the US, and as outlined in a recent article in Insurance Journal, there will be a shortage of DPOs in Europe. Since Germany has historically had similar laws, German DPOs will be in high demand across the continent.

There are some other key differences between the US state regulations and the EU law. The primary one is the “right to be forgotten.” The EU requires deletion of all data related to an individual if they request it and there is no longer a business or regulatory reason to hold the data. The US provisions are different. This is a non-trivial requirement, since data is copied across instances for backups, cloud storage, and various other data repositories.

Finally, with Brexit, we know that the UK will end up with its own laws that are similar to, but distinct from, GDPR. This is much like the US states adopting various versions of the NAIC model law and the NY State law. Complexity is increasing along with the underlying threats.

The challenges around security regulation continue to multiply!
