As we begin 2018, there are two key issues that are top of mind for legal professionals right now–cybersecurity and the General Data Protection Regulation (GDPR).

GDPR is a substantial new privacy and data security law. The rollout and interpretation of it will cause widespread legal uncertainty and controversy, and the controversy will be especially acute when a company suffers a data breach. GDPR applies to a surprisingly broad range of companies, including any that sells products or services to consumers in the EU, regardless of whether the company has a physical presence there.

Benjamin Wright, attorney and SANS Institute instructor of law of data security and investigations, recently sat down with Inside Counsel to discuss the steps organizations can take to help manage their legal risk as well as General Data Protection Regulation, which goes into effect May 25. In addition to his legal work, Wright is the LEG523: Law of Data Security and Investigations course author and instructor with the SANS Institute