Organisations that operate across multiple jurisdictions should take the time to understand the regulatory requirements they would be subject to in the event of a data security incident, in light of the global cyber risk they face and recent moves by policy makers across the world to bolster data security requirements.
https://www.pinsentmasons.com/out-law/analysis/cyber-incident-response-going-global