Worldwide legislators have reckoned the increasing value of personal data, but so did cyberattackers. Therefore, one may expect legislation to provide sufficient safeguards or ideally, to design a regulatory environment in which businesses can flourish and personal data can be easily protected against any threats. Yet, leaving daydreaming aside, it is a given that malicious actors will always creatively attempt to circumvent both corporate and legal “firewalls”.
So, how can companies legally say “No” to data protection requests that disguise malware attacks? Can one word from data protection laws impact cybersecurity? Do detectability levels or origin make a difference? This presentation will answer all these questions, based on the data protection laws of the EU, UK and complementarily, Japan. Both short- and long-term solutions will be suggested. In the end, companies are not legislators, but can always use other weapons at hand.