2017 looks to be the year when privacy and data security compliance expectations here and across the Atlantic become clear and compelling for U.S. companies. Companies know that huge privacy and security fines lurk in the European Union, but they may not truly understand the seismic changes coming to Europe’s privacy regime.
At home, U.S. boards loathe consumer, market and regulatory scrutiny that follows data breaches—just ask Yahoo. They undertake (or delegate) data security risk analysis and mitigation, and begrudgingly budget (not enough) for cybersecurity. But the significance of nitty-gritty data security regulatory enforcement standards and data breach class litigation likely aren’t on the boardroom radar.