The EU's General Data Protection Regulation, which has been in effect since May 25, 2018, gives EU data protection authorities the ability to levy steep fines on organizations that fail to take seriously their responsibility to safeguard Europeans' personal data (see: France Hits Google with $57 Million GDPR Fine).
But organizations are still waiting to see what precise impact GDPR will have on the data breach landscape, including the costs they might face not just from cleanup, multiple investigations by regulators and potential sanctions, but also from class action lawsuits, says Ian Thornton-Trump, head of cybersecurity at financial services firm AMTrust International in London (see: GDPR: Data Breach Class Action Lawsuits Come to Europe).
"What we know from data breach is it's a painful experience on an organization," he says in an interview with Information Security Media Group. "What we don't know is, is that pain terminal, or is that pain survivable, because we haven't had one go all the way through yet."
In this audio interview (see audio link below photo), Thornton-Trump discusses:
How GDPR and the results of regulators' investigations could reshape the European data breach landscape;
The ramifications of the class action lawsuit against U.K. supermarket giant Morrisons, which was found liable for an employee who leaked payroll data;
Comparing the state of data breach litigation in the U.S. to the U.K.;
What all organizations that must comply with GDPR should be doing now.

Thornton-Trump is head of cybersecurity at AMTrust International, which is part of AMTrust Financial Services, as well as chief technology officer for Octopi Managed Services, an MSP based in Canada that has a U.K.-based research lab. Previously, he served as head of security for ZoneFox, as global cybersecurity strategist for SolarWinds and as a civilian criminal intelligence analyst for the Royal Canadian Mounted Police, among other roles.