Corporate Lawyers Brace For GDPR
In-house lawyers expect to play a greater role in cybersecurity over the next 12 months as organisations brace themselves for the arrival of a tough data protection regime.
The European General Data Protection Regulation comes into force on 25 May, placing new duties on organisations that process personal information.
According to the Association of Corporate Counsel’s latest cybersecurity survey, 67% of in-house counsel expect their department’s role in cybersecurity to increase, compared with 55% who envisaged greater responsibilities in 2015.
Four in 10 say they are in a leadership role at organisational level regarding cyber-security. A third of lawyers have a departmental leadership role; 25% are part of a team designated with cyber-security responsibilities.
At present, 37% of in-house counsel brief the board of directors on cyber-security on an ad-hoc basis; 22% brief their boss’s quarterly. The association says this is double the percentage who reported quarterly briefings in 2015, when 11% briefed directors more regularly or frequently.
Four in 10 respondents work for companies that must be GDPR-compliant. The regime will require firms to make a notification of a breach within 72 hours of discovering it.
In-house lawyers are likely to be involved in the process of identifying what happened, how, what was affected, who was responsible and what data was leaked. However, when asked if the respondent’s company had determined how it will meet the 72-hour requirement, 37% said they had not done so.
You Might Also Read:
GDPR: It’s A Marathon, Not A Sprint:
GDPR Deadline: A Horrorshow Or A Non-Event?:
