
Regulatory changes are on the horizon. Are businesses ready?


Rohan Massey of Ropes & Gray on compliance challenges and strategic prioritization

Anna Delaney (annamadeline) • June 14, 2024


Rohan Massey, Partner, Ropes & Gray


The increasingly regulated cybersecurity landscape is evolving in Europe, America and Asia – and more is on the horizon, said Rohan Massey, partner at Ropes & Gray. In Europe alone, organizations must comply with more than 100 pieces of legislation, whether statutory or planned.


But the biggest compliance challenge lies in complexity: understanding which law will apply to organizations, especially since many regulations have extraterritorial effects. Massey urged organizations to start looking at what they have internally, “prioritizing the risks around them, ensuring they have internal management, compliance and governance programs that are documented and that they can actually act when an incident occurs.”

“It’s about creating a program that works for you, not everyone,” he said. “Look at your business and think about how it applies. What are the risks based on what you do, the data you manage and how you manage the volume, size, sensitivity and location?”


In this video interview with Information Security Media Group at Infosecurity Europe 2024, Massey also discussed:

  • How the upcoming NIS 2 directive will affect EU businesses and those working with the EU;
  • How to develop robust incident response plans and governance structures;
  • How to ensure third-party vendors and partners comply with applicable regulations.


Massey has been practicing in the data and data protection fields for over 20 years and focuses on complex data protection and cybersecurity issues affecting multinational organizations. He specializes in international data transfer matters and advises clients on global compliance programs, data breach management issues and cyber incident response.