WSJ Conference on Cybersecurity

There was a conference in NY this week hosted by The Wall Street Journal on Cyber Security. They published a separate section in the NY edition of their newspaper entitled WSJ PRO REPORT – CYBERSECURITY. It is a worthwhile read if you can get your hands on a copy.

This post is a follow-up to my December 3rd post ‘GDPR is coming. Are you ready?’. The consensus at the WSJ Cybersecurity conference is ‘NO’: the vast majority of US companies are clearly not paying attention at all. The gist can be found in the article titled ‘Here come the EU Rules’, from the WSJ section cited above. I recommend you read it.

If you would like to discuss GDPR, or other cyber exposure concerns you may have, drop me a line at You might also consider taking my new series of courses on GDPR titled ‘GDPR Essentials for Risk Managers’ which will be available at the global risk academy in January.


Be Safe and Be Secure. See a short retelling of the WSJ article below.


Europe’s Upcoming Privacy Mandate Brings Strict Rules, Hefty Fines

U.S. companies generally are unprepared for coming restrictions regarding how they may handle the personal data of Europeans

By Kim S. Nash, Dec. 18, 2017 5:16 p.m. ET

NEW YORK–U.S. companies generally are unprepared for coming restrictions regarding how they may handle the personal data of Europeans, according to privacy experts speaking at the WSJ Pro Cybersecurity Conference here.

The European Union’s General Data Protection Regulation, or GDPR, tightens rules that govern how companies can collect and use information about individuals in Europe. Firms that do not comply with the GDPR’s 99 articles, which are due to go into effect next May, will be subject to fines of up to 20 million euros or 4% of global revenue, Ajay Arora, co-founder and CEO of Vera, told a crowd of cybersecurity executives who gathered Wednesday.

“Penalties are so onerous,” he said, “there’s strong impetus” for senior executives to understand how they treat customer and employee data.

Privacy “has become a trade issue, a market issue,” said Justin Antonipillai, founder and CEO of WireWheel, which provides data privacy services.

GDPR includes how companies must gain informed consent to store and use an individual’s data and how – and how quickly – companies must respond to requests to remove someone’s data. Some companies might be required to hire an outside auditor to assess GDPR compliance, said Mr. Antonipillai, former acting under secretary for economic affairs at the U.S. Department of Commerce, in the Obama Administration.

Companies are subject to the regulation whether or not they have significant operations in Europe, he said.

A GDPR provision that will require significant process and technology changes for U.S. companies, he said, is a requirement to notify officials and, in some cases, customers and employees, of a data breach within 72 hours of discovery.

A company must identify the kind of breach, whose data was affected and the kind of information compromised. “This is why data flow mapping is so critically important,” he said. “If you’re the one who has the customer relationship, you’re responsible for making sure the entire chain that has access to that can let you know in 72 hours. It’s on you.”

Rules in some countries, including France and Germany, are more restrictive than in others. Privacy and security officers, as well as company attorneys, should develop relationships with local regulatory officials to understand their expectations, Mr. Arora said.

