While the challenges of the multitude of jurisdictions may be huge, US-based companies, for the most part, are just getting started with any kind of serious effort around data privacy, according to Dimitri Sirota, CEO of data privacy company BigID, who spoke to InformationWeek in an interview. BigID offers an enterprise data management platform. Sirota said that GDPR requires companies to have a full-time data protection officer in place. But US companies don’t always have that individual or practice. US CIOs may be viewing what’s happening with Facebook over the past few weeks like a deer in headlights.