Talk About It

The EU General Data Protection Regulation is to take effect in May 2018, and its rules will reshape how companies will need to respond to cybersecurity issues. To ensure effective corporate responses, communication teams will need to be kept up to date on how these new regulations will change their existing approaches.

Writing for, Stephanie Bailey offers some observations on key issues within the regulations, including:

  • The shortened reporting time, requiring businesses to notify both regulators and consumers of breaches within 72 hours, reducing the window for forensic investigations, obtaining legal advice, and establishing communications strategies.
  • The increased maximum fines for breaches in the case a company violates basic data security principles, allowing for up to 4% of a business' annual turnover, instead of a previous hard cap on fines.
  • The increased pressure on communications specialists to establish processes to harden their companies' reputations, given the perception among consumers that companies are not taking data threats seriously.