Companies that become a target of a cyberattack may face global impacts. Cyberattacks often cause cross-border and thus cross-jurisdictional data breaches as, for example, data is often stolen or illegally published from a company’s subsidiary in a different country.
An issue in such events is that each jurisdiction has different requirements regarding the notification of authorities and the subjects of the data breach. Companies have to establish in how many countries a data breach occurred and if there are special notification requirements with respect to the data subject and the national authorities. Further, targets of cyberattacks may face difficulties estimating the amount of fines and penalties and third party claims since the relevant provisions vary from one country to another. In addition, each jurisdiction imposes different requirements on risk management.
GDPR – a harmonisation of these approaches
Within the European Union, these different approaches will be harmonised on 25 May 2018 when the General Data Protection Regulation (GDPR) comes into effect. As a regulation, the GDPR directly applies in each member state and does not need to be transposed into national…
