From Bryan Cave, this free resource on Incident Readiness and Response:
Since the first publication of this handbook in 2014, the legal ramifications for mishandling a data security incident have become more severe. In the United States, the number of federal and state laws that claim to regulate data security has mushroomed. The European Union has also enacted a new General Data Protection Regulation which will extend the United States framework for responding to data breaches across the EU, but with significantly enhanced penalties. This handbook provides a basic framework to assist in-house legal departments with handling a security incident.
Click here for the Data Security Breach Handbook 2016 edition.