The influence of the EU GDPR (General Data Protection Regulation) has reached Ohio. On August 3, 2018, Governor John Kasich signed into law Senate Bill 220, which rewards organizations for strengthening their cybersecurity measures.
The Bill states that organizations that can demonstrate effective defense capabilities will be given “an affirmative defense to tort claims, based on Ohio law or brought in an Ohio court, that allege or relate to the failure to implement reasonable information security controls which resulted in a data breach.”
According to the Bill, its purpose is “to be an incentive and to encourage businesses to achieve a higher level of cybersecurity through voluntary action.”
This follows the introduction of the GDPR in May 2018, which U.S. organizations have been slow to recognize. Some view it as an unnecessary compliance burden, and many still haven’t met the Regulation’s requirements. However, the fact that other regulators are introducing cybersecurity laws shows how important the subject is.
Organizations in Ohio that are within the GDPR’s scope should already be complying with the Regulation and benefitting from improved cybersecurity practices. They will also meet the requirements of Senate Bill 220, giving them an additional benefit. The GDPR applies to all organizations that monitor the behavior of, or offer goods and services to, EU residents – irrespective of the organization’s location or where the data is processed.
But if your organization isn’t GDPR-compliant yet, or doesn’t know whether it needs to be, don’t worry. We offer a host of free resources to help you understand the Regulation, and recommend starting with our webinar: Do I need to comply with the GDPR? What North American organizations need to know about data privacy.
Sign up for our webinar
This webinar will take place on Tuesday, October 9, 2018 at 1:00 pm (EDT). If you can’t make the presentation, it will be available to download from our website, where you can also browse our previous webinars.
You can also preview our upcoming presentations, including the rest of our GDPR series. There will be four more presentations between now and the end of the year, each one covering a specific aspect of the Regulation.