GDPR Resources
-
The UK has covered this already in their Brexit talks. EU laws are not just adopted at the EU level, individual states have to adopt them themselves as part of the process. So in leaving the EU, all those laws are still there in the UK. Of course, we totally expect the UK to run through them and change a lot of them. But the UK was teh leader in writing a lot of them, so a lot will likely be kept anyway. But being post-Brexit doesn't imply anything about an assumed change in laws later. Only that the UK has the power to decide on them, but they have to remove them since they will already exist.
-
Now, I assume, that the wording of the law might only state that EU citizens are covered. So in Brexiting, UK citizens might end up, depending on the wording, being legally repsonsible to protect EU citizens, without being covered themselves.
-
Also to circle back on what you ignored earlier.
Treaties and pacts can and do force other countries to accept and enforce things from other countries.
The most common one to come to mind is the Berne Convention (copyright stuff).
-
@jaredbusch said in GDPR Resources:
Also to circle back on what you ignored earlier.
Treaties and pacts can and do force other countries to accept and enforce things form other countries.
The most common one to come to mind is the Berne Convention (copyright stuff).
Of course they can, I never said anything to the contrary. But they must exist for there to be enforcement. Right now, the US doesn't have any known treaty that does anything like this, and would be very unlikely to because this is a new, unanticipated situation.
Given the nature of the GDPR, it would be extremely hard for earlier treaties to cover it. Now, new treaties might easily address it and add it broadly around the world. That's to be expected. But until that happens, which is the "new laws being made" that I've been mentioning, it's not applicable.
-
@scottalanmiller said in GDPR Resources:
Now, I assume, that the wording of the law might only state that EU citizens are covered. So in Brexiting, UK citizens might end up, depending on the wording, being legally repsonsible to protect EU citizens, without being covered themselves.
Under the terms of the EU compact, the UK is creating a law based on GDPR as are all EU member countries. Unless repealed UK businesses will have to effectively comply with GDPR.
-
@jaredbusch said in GDPR Resources:
@kelly said in GDPR Resources:
@danp said in GDPR Resources:
This link was posted over on another forum just today --
https://techblog.bozho.net/gdpr-practical-guide-developers/Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...
Hey, I was supporting you
You have been. It was more that @Danp was on topic. We've both followed @scottalanmiller into his overall derailment.
-
@kelly said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
Now, I assume, that the wording of the law might only state that EU citizens are covered. So in Brexiting, UK citizens might end up, depending on the wording, being legally repsonsible to protect EU citizens, without being covered themselves.
Under the terms of the EU compact, the UK is creating a law based on GDPR as are all EU member countries. Unless repealed UK businesses will have to effectively comply with GDPR.
Exactly. And I doubt that they will repeal.
-
There is some thought that the US-EU Privacy Shield. might bring the GDPR to the US. But it is very unclear if this is true.
-
@kelly said in GDPR Resources:
@jaredbusch said in GDPR Resources:
@kelly said in GDPR Resources:
@danp said in GDPR Resources:
This link was posted over on another forum just today --
https://techblog.bozho.net/gdpr-practical-guide-developers/Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...
Hey, I was supporting you
You have been. It was more that @Danp was on topic. We've both followed @scottalanmiller into his overall derailment.
Hardly a derailment, it's the core of the conversation. Outside of the EU, how does the GDPR affect you? It's totally by what local laws (sometimes in the form of treaties) present it to you locally.
-
It worth noting that even if the US-EU Privacy Shield would have made the GDPR possible int he US, Executive Order 13768 may have removed it. The order appears to make the GDPR impossible to implement in the US without further action regardless of existing treaties.
https://www.theregister.co.uk/2017/01/30/trump_executive_order_public_safety_privacy_shield/
-
@scottalanmiller said in GDPR Resources:
@kelly said in GDPR Resources:
@jaredbusch said in GDPR Resources:
@kelly said in GDPR Resources:
@danp said in GDPR Resources:
This link was posted over on another forum just today --
https://techblog.bozho.net/gdpr-practical-guide-developers/Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...
Hey, I was supporting you
You have been. It was more that @Danp was on topic. We've both followed @scottalanmiller into his overall derailment.
Hardly a derailment, it's the core of the conversation. Outside of the EU, how does the GDPR affect you? It's totally by what local laws (sometimes in the form of treaties) present it to you locally.
It is the core of a conversation around GDPR, but not core to the question as asked. I'm not objecting to the conversation, finding it amusing how little time has been spent on the original question.
-
@kelly said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
@kelly said in GDPR Resources:
@jaredbusch said in GDPR Resources:
@kelly said in GDPR Resources:
@danp said in GDPR Resources:
This link was posted over on another forum just today --
https://techblog.bozho.net/gdpr-practical-guide-developers/Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...
Hey, I was supporting you
You have been. It was more that @Danp was on topic. We've both followed @scottalanmiller into his overall derailment.
Hardly a derailment, it's the core of the conversation. Outside of the EU, how does the GDPR affect you? It's totally by what local laws (sometimes in the form of treaties) present it to you locally.
It is the core of a conversation around GDPR, but not core to the question as asked. I'm not objecting to the conversation, finding it amusing how little time has been spent on the original question.
Well, I think digging into where it applies and where it doesn't is answering that in most cases. For most companies, knowing if it affects them or not is the primarily piece of preparation.
For those doing deep, intentional data processing of those resources it's way, way more complex. But that's likely to be a tiny minority of companies. Mostly, I think, that's going to fall to development departments rather than IT.
-
What I believe to be the intent around the GDPR really hits companies that are doing custom / bespoke applications for the data processing. Especially the US ones. EU companies aren't handing off to the US just for CPU power, but for local expertise or systems.
So the primary concerns are around database systems that can identify the points of privacy and having a means of purging them. Really, I think that having that alone covers most needs. Just the ability to "delete". Which previously, almost no one had.
-
@scottalanmiller said in GDPR Resources:
@kelly said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
@kelly said in GDPR Resources:
@jaredbusch said in GDPR Resources:
@kelly said in GDPR Resources:
@danp said in GDPR Resources:
This link was posted over on another forum just today --
https://techblog.bozho.net/gdpr-practical-guide-developers/Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...
Hey, I was supporting you
You have been. It was more that @Danp was on topic. We've both followed @scottalanmiller into his overall derailment.
Hardly a derailment, it's the core of the conversation. Outside of the EU, how does the GDPR affect you? It's totally by what local laws (sometimes in the form of treaties) present it to you locally.
It is the core of a conversation around GDPR, but not core to the question as asked. I'm not objecting to the conversation, finding it amusing how little time has been spent on the original question.
Well, I think digging into where it applies and where it doesn't is answering that in most cases. For most companies, knowing if it affects them or not is the primarily piece of preparation.
For those doing deep, intentional data processing of those resources it's way, way more complex. But that's likely to be a tiny minority of companies. Mostly, I think, that's going to fall to development departments rather than IT.
The question was asking for resources that people are using for learning about GDPR. There are very few links to other resources other than ones I've (and now @Danp) provided.
-
Lynda has a course!
https://www.lynda.com/Business-Skills-tutorials/Learning-GDPR/693080-2.html
-
@scottalanmiller said in GDPR Resources:
Lynda has a course!
https://www.lynda.com/Business-Skills-tutorials/Learning-GDPR/693080-2.html
Wow, a 13 minute "course". Lynda is setting the bar pretty low. I've spent way more time digging through materials. Even the course I linked above is several hours.
-
@kelly said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
Lynda has a course!
https://www.lynda.com/Business-Skills-tutorials/Learning-GDPR/693080-2.html
Wow, a 13 minute "course". Lynda is setting the bar pretty low. I've spent way more time digging through materials. Even the course I linked above is several hours.
Yeah, I think anything "real" is going to be taught by lawyers and be pretty in depth. It's a painful topic.
-
@scottalanmiller said in GDPR Resources:
@kelly said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
Lynda has a course!
https://www.lynda.com/Business-Skills-tutorials/Learning-GDPR/693080-2.html
Wow, a 13 minute "course". Lynda is setting the bar pretty low. I've spent way more time digging through materials. Even the course I linked above is several hours.
Yeah, I think anything "real" is going to be taught by lawyers and be pretty in depth. It's a painful topic.
That is part of what attracted me to the course I linked. It is being taught by faculty at the law school the University of Groningen.
-
I received a response from one of the lawyers who wrote a blog post warning US companies about the potential impacts of GDPR. I don't have his permission to post his response, so I will do my best to paraphrase.
GDPR will fall under cross-border assertions. What this means is that EU regulators will bring an action against a US company in the EU. While the US company could accept the jurisdiction of the EU court, it will most likely ignore it. In that case, once the regulator has a judgement from the EU court it will take the ruling to a US court and ask for it to be enforced by the US court. There is a whole body of law and set of expertise around when these get enforced, but it is likely (in his perspective) that US courts will enforce the judgement because of the desire to have the opposite (US judgements against EU citizens in the EU) to be upheld by EU courts.
He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.
-
@kelly said in GDPR Resources:
I received a response from one of the lawyers who wrote a blog post warning US companies about the potential impacts of GDPR. I don't have his permission to post his response, so I will do my best to paraphrase.
GDPR will fall under cross-border assertions. What this means is that EU regulators will bring an action against a US company in the EU. While the US company could accept the jurisdiction of the EU court, it will most likely ignore it. In that case, once the regulator has a judgement from the EU court it will take the ruling to a US court and ask for it to be enforced by the US court. There is a whole body of law and set of expertise around when these get enforced, but it is likely (in his perspective) that US courts will enforce the judgement because of the desire to have the opposite (US judgements against EU citizens in the EU) to be upheld by EU courts.
He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.
So basically the US courts are expected to become ad hoc lawmakers picking and choosing when to "have" a law and when not to, at will, without any oversight from the government or the actual lawmakers?
This is one of the most unbelievable indictments of corruption in the US legal system. That's insane. Zero legal oversight, just courts doing absolutely anything that they want.
