
Data Protection - EU Rules - even if your company isn't in the EU

Community Veteran
Posts: 38,460
Thanks: 1,031
Fixes: 62
Registered: ‎15-06-2007

Data Protection - EU Rules - even if your company isn't in the EU

Just saw this when looking for something else

https://www.forbes.com/sites/sap/2018/02/22/3-gdpr-myths-that-could-cost-your-organization-millions/...

Any organization that believes GDPR doesn’t affect them might have a big surprise come June of 2018. Even if your company doesn’t have servers or a business presence in the EU, you must comply with GDPR if you:

– Process personal data of EU citizens or residents

– Have more than 250 employees

– Have less than 250 employees, but regularly collect and process personal data of citizens

From purchasing a product, to newsletter subscriptions to promotional offers, each facet of customer interaction requires that GDPR compliance is met.

This could be really interesting - or should that be worrying - if your company collects any data on EU residents.

5 REPLIES
Pete11
Seasoned Pro
Posts: 856
Thanks: 251
Fixes: 4
Registered: ‎17-02-2017

Re: Data Protection - EU Rules - even if your company isn't in the EU

It got me thinking about when we leave the EU. Will those people still be classed as EU citizens?

A float tip is pleasing in its appearance and even more pleasing in its disappearance.
Growing old is inevitable...But growing up is optional.
Community Veteran
Posts: 5,618
Thanks: 628
Fixes: 1
Registered: ‎21-03-2011

Re: Data Protection - EU Rules - even if your company isn't in the EU

Last month I couldn't resist reading a 320-page book on GDPR, but that doesn't make me a bad person, does it?

GDPR is essentially the old UK Data Protection law on steroids, coupled with the French/German paranoia about the USA holding data on EU citizens. It's now hopelessly mangled and over-complex. Essentially any record, paper or electronic, comes under its scope excepting your personal family address book. The laws attempt to be extraterritorial, for example a USA-based company holding information on US soil about EU citizens.

For example the IP address of your home computer can be regarded as personal data.

The problem is that all kinds of myths will arise. I recently had a service technician in fixing our dishwasher. He was telling me that his company had told him they couldn't in future use a smartphone to take card payment because of the new EU laws. There's nothing in the GDPR laws to prevent that process as long as I'd given consent and they deleted the data when it was no longer needed to perform the contract.

Now Zen, but a +Net residue.
Community Veteran
Posts: 3,790
Thanks: 444
Fixes: 6
Registered: ‎05-04-2007

Re: Data Protection - EU Rules - even if your company isn't in the EU

It reminds me of my old company.

We stored personal details of people, but due diligence when challenged by certain people meant the data had to be stored on servers within the EU.

Of course in this day and age, it doesn't matter if it is stored in the US, or the Docklands data centre in London (not that far from me). But Due Diligence people don't understand IT and have to raise issues to justify their jobs.

Yes, going back to the original post I wonder how the rules will affect us.

Community Veteran
Posts: 5,618
Thanks: 628
Fixes: 1
Registered: ‎21-03-2011

Re: Data Protection - EU Rules - even if your company isn't in the EU

The EU laws applied to the UK last year, before Article 50, but countries were given a year's grace to implement the rules. So it's highly likely we'll follow the rules after Brexit.

Now Zen, but a +Net residue.
Community Veteran
Posts: 14,418
Thanks: 720
Fixes: 10
Registered: ‎01-08-2007

Re: Data Protection - EU Rules - even if your company isn't in the EU

A lot of places seem to ignore data protection rules anyway from what I can work out.

I've worked for two councils, neither seems too fussed about keeping data protection policies in force. One of them had records of previous staff going back over 10 years! Having just left a government dept and having had DPA training that had come direct from Westminster, I knew full well what the rules were and pointed them out. Needless to say my manager wasn't overly happy that they had to anonymize loads of data. I suspect in reality they still had it stashed but just worked out how to hide it.

I had contact with the police a while back, they needed some info from me about someone they were investigating. The chappie had every address I'd lived at for over 20 years. How do you think he got hold of all of that? The police shouldn't be gathering and keeping data on people who've committed no crime, the councils are supposed to comply with Data Protection laws and destroy their data and letting agencies / landlords are not exempt either. So that can only mean one thing - most places seem to ignore it and keep people's data for an eternity.

I need a new signature... i'm bored of the old one!