Todd McClelland of Jones Day(Courtesy photo)

European Union th . Certainly, the GDPR's noncompliance penalties (greater of 20 million euros or 4 percent of global annual turnover) caught some attention. China

• Data localization;
• Network monitoring and recordation;
• Categorization of all data collected;
• Backup and encryption of all “important data”;
• Patching in a timely manner; and
• Notifying the public regarding cybersecurity information on system bugs, viruses, network attacks, and network intrusion.

Other Representative Countries

• On February 23, 2018, Australia's Notifiable Data Breaches scheme (NBD scheme), an amendment to the Privacy Act 1988 (“Privacy Act”), came into effect. The NBD scheme requires companies regulated by the Privacy Act to notify affected individuals and the Australian Information Commissioner of eligible data breaches—that is, a data breach that results in serious harm to the affected individual.

• On June 12, 2018, Vietnam passed its Law on Cybersecurity, which gives Operators of Information Systems Critical to National Security (CIS) data localization and other obligations with respect to the management of their CIS and related data. CIS sectors include defense, national security, government, news media, and national information systems for the economic, energy, finance, banking and transportation, chemical, health, cultural, national resources, and environment sectors. Moreover, foreign companies providing telecommunications or internet services in Vietnam must establish offices in Vietnam, store personal information of Vietnamese users and "other important data" in Vietnam, perform a security assessment prior to any cross-border data transfer, and bring their technology products involving cyber services into compliance with "quality assurance" standards before they can be released to the market.

Conclusion As governments across the globe continue to issue new legislation and implementation guidance on cybersecurity, companies with global operations should prioritize coordination, alignment, and execution of best practices to ensure cybersecurity compliance across a wide range of regulatory regimes. Todd McClelland is a partner at Jones Day, where he advises clients on data breach response and other information security-related issues, including pre-breach cybersecurity risk assessment and management, compliance, response preparedness and other risk mitigation activities. The views and opinions set forth herein are the personal views or opinions of the author; they do not necessarily reflect views or opinions of the law firm with which he is associated.