
Regulatory changes on the horizon. Are companies ready?


Ropes & Gray’s Rohan Massey on the challenges of regulatory compliance and strategic prioritization

Anna Delaney (annamadeline)
June 14, 2024


Rohan Massey, Partner, Ropes & Gray


The increasingly regulated cybersecurity landscape is changing in Europe, America and Asia – and there’s even more on the horizon, said Rohan Massey, partner at Ropes & Gray. In Europe alone, organizations must comply with over 100 legal acts contained in statutes or projects.


However, the biggest compliance issue is complexity – trying to understand which law will apply to an organization, especially since many laws have extraterritorial effects. Massey urged organizations to start examining their internal resources, “prioritizing risk, making sure they have internal management programs and compliance and governance programs that are documented and can actually operate when an incident occurs.”

“It’s about building a program that works for you, not the standard for everyone else,” he said. “Look at your business and think about how it applies. What are the risks in what you do, what data you handle, and how you deal with volume, size, sensitivity and location?”


In this video interview with Information Security Media Group at Infosecurity Europe 2024, Massey also discussed:

  • How the upcoming NIS 2 directive will affect EU businesses and people doing business with the EU;
  • How to build robust incident response plans and management structures;
  • How to ensure that external suppliers and partners comply with relevant regulations.


Massey has over 20 years of experience in data protection, focusing on complex data protection and cybersecurity issues affecting international organizations. He specializes in international data transfer and advises clients on global compliance programs, data breach management and responding to cyber incidents.