
The phrase “General Data Protection Regulation” and the abbreviation “GDPR” are spreading rapidly on American business websites. And while the major new European Union regulation does not apply to residents of the United States, it may eventually shape how much of this country's data is handled.

The United States has “been behind the curve in the privacy arena,” says Ken Stasiak, a principal at RSM US.

American companies will be impacted if they have data about EU residents, he notes. But it is also likely American companies, faced with complying with regulations in one part of the world, will simply decide to apply the standards everywhere they do business.

The possibility of the spread of standards like GDPR was spelled out in mid-May comments on RSM’s special report on mid-market cybersecurity. In those comments, Daimon Geopfert, the firm’s principal and national leader of security and privacy services, said, “GDPR is an indicator of the very likely course of upcoming privacy laws in the U.S., and organizations would be well-served to start implementing GDPR-style processes around data privacy and consent.”

If nothing else, businesses in this country need to know where their data is and whether any of it concerns EU residents, because violations can bring severe fines. Those fines are set as a share of a company’s annual revenue, 2 percent for the lower tier of infringements and up to 4 percent for the most serious, and the revenue counted is “not just in areas under GDPR, but globally,” Stasiak says.

News about GDPR is spreading. Last month, BDO USA and InterEdge announced the launch of GDPR Edge, a blockchain application intended to increase the security of application code and data. BDO is integrating the application into its governance, risk and compliance advisory services. Microsoft is promoting the product launch, and the system itself uses Intel Software Guard Extensions (SGX).

Meanwhile, Thomson Reuters is promoting the new privacy era on its website under the headline “Data Privacy: a New Dawn in the Age of GDPR”. The page has interviews with a variety of experts, including some from EY, and a section, “Views from the C Suite”, featuring interviews with C-level leaders from several major companies.

An August 2017 RSM article on cybersecurity notes that EU data needs to be segregated from other customer data “much in the same way that U.S. organizations now protect and segregate credit card data through network segmentation standards under the Payment Card Industry Data Security Standard.”

It also points out, “Under GDPR, individuals can request that companies provide all data they maintain about them, and extensive, detailed information about how such data is protected.”

RSM's Stasiak says there are many details still to be worked out about how GDPR will be implemented. The implementation of HIPAA (the Health Insurance Portability and Accountability Act of 1996) probably provides a good analogy for how GDPR will play out. “HIPAA has taken a long time for the U.S. government to roll out and hammer out requirements,” he says. Parts of GDPR are likely to take a similar course.

Stasiak says the difference between the EU regulation and the American approach is that under GDPR, data privacy must be built into systems from the beginning.

The key question companies must answer about their data is “Do you know where that data is being stored and processed?” Stasiak says.


Last modified on Tuesday, 05 June 2018