Posted on 05/21/2018 12:10:52 PM PDT by davikkm
www.superoffice.com/blog/gdpr/
Companies tell you that they collect this type of information so that they can serve you better, offer you more targeted and relevant communications, all to provide you with a better customer experience.
But, is that what they really use the data for?
This is the question that has been asked and answered by the EU, and why in May 2018 a new European privacy regulation called GDPR will be enforced and permanently change the way you collect, store and use customer data.
In a study of more than 800 IT and business professionals that are responsible for data privacy at companies with European customers, Dell and Dimension Research found that 80% of businesses know few details or nothing about GDPR.
But, perhaps worst of all is that 97% of companies don't have a plan in place for when GDPR kicks off in 2018 (Tweet this!).
(Excerpt) Read more at investmentwatchblog.com ...
EU regulations.
All our systems are located and operated in the US.
They can go pound sand.
I'd ask someone better qualified than Ruby the nutcase blog writer.
Quite wrong.
Any organization anywhere that collects, creates, manages, uses, transfers or stores EU citizen personally identifiable data is subject to GDPR data subject rights laws.
Our own FTC is one of the regulatory agencies that will aid prosecution of GDPR violations.
See IAPP.org to get a better understanding of GDPR and compliance.
RE:
“EU regulations.
All our systems are located and operated in the US.
They can go pound sand.”
We have no EU weenie data in our systems.
So again, they can go pound sand.
That’s good.
Complying with GDPR is very challenging.
So you have to comply with PCI (and/or HIPAA?)
All of them are confusing, and make for incredibly well paying consulting and certification jobs.
Mark
You're not kidding there! I've been through some GDPR training, and in it, there were 2 very similar situations, where I got the testing answer wrong. The difference had to do with whether or not the web site had a conversion capability for dollars to euros. In one case, where the customer could choose to convert his purchase amount from dollars to euros, even though they did not market to the EU or have facilities in any EU country, they still had to comply with GDPR. Removing the ability to convert the dollar amount from the web site removed the requirement.
Any of the PII security certifications is very difficult and time consuming to implement and requires constant certification, testing, and auditing.
Mark
We need to comply with SEC/FINRA regulations. Less well-defined than HIPAA or PCI, but very similar. Think NIST guidance.
We maintain SSAE18 SOC 2 Type 2 certification, which seems to be enough of a challenge for us.
One of our Verizon data centers was recently acquired by IBM, and they came at us with all kinds of paperwork to sign. One form was GDPR compliance. We refused to sign, as we have no EU involvement whatsoever.
They persisted for about 3 months before we finally told them that we’d end our contract with them if they didn’t stop trying to force their one-size-fits-all global contracts on us.
If your systems have data of EU citizens, then they need to comply.
Agreed, but we don’t have any EU citizen data in our systems. We only conduct business with US citizens. Period.