ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    GDPR Resources

    Scheduled Pinned Locked Moved IT Discussion
    gdprregulations
    105 Posts 7 Posters 12.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      It worth noting that even if the US-EU Privacy Shield would have made the GDPR possible int he US, Executive Order 13768 may have removed it. The order appears to make the GDPR impossible to implement in the US without further action regardless of existing treaties.

      https://www.theregister.co.uk/2017/01/30/trump_executive_order_public_safety_privacy_shield/

      1 Reply Last reply Reply Quote 0
      • KellyK
        Kelly @scottalanmiller
        last edited by

        @scottalanmiller said in GDPR Resources:

        @kelly said in GDPR Resources:

        @jaredbusch said in GDPR Resources:

        @kelly said in GDPR Resources:

        @danp said in GDPR Resources:

        This link was posted over on another forum just today --
        https://techblog.bozho.net/gdpr-practical-guide-developers/

        Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...

        😄

        Hey, I was supporting you 😛

        You have been. It was more that @Danp was on topic. We've both followed @scottalanmiller into his overall derailment.

        Hardly a derailment, it's the core of the conversation. Outside of the EU, how does the GDPR affect you? It's totally by what local laws (sometimes in the form of treaties) present it to you locally.

        It is the core of a conversation around GDPR, but not core to the question as asked. I'm not objecting to the conversation, finding it amusing how little time has been spent on the original question.

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Kelly
          last edited by

          @kelly said in GDPR Resources:

          @scottalanmiller said in GDPR Resources:

          @kelly said in GDPR Resources:

          @jaredbusch said in GDPR Resources:

          @kelly said in GDPR Resources:

          @danp said in GDPR Resources:

          This link was posted over on another forum just today --
          https://techblog.bozho.net/gdpr-practical-guide-developers/

          Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...

          😄

          Hey, I was supporting you 😛

          You have been. It was more that @Danp was on topic. We've both followed @scottalanmiller into his overall derailment.

          Hardly a derailment, it's the core of the conversation. Outside of the EU, how does the GDPR affect you? It's totally by what local laws (sometimes in the form of treaties) present it to you locally.

          It is the core of a conversation around GDPR, but not core to the question as asked. I'm not objecting to the conversation, finding it amusing how little time has been spent on the original question.

          Well, I think digging into where it applies and where it doesn't is answering that in most cases. For most companies, knowing if it affects them or not is the primarily piece of preparation.

          For those doing deep, intentional data processing of those resources it's way, way more complex. But that's likely to be a tiny minority of companies. Mostly, I think, that's going to fall to development departments rather than IT.

          KellyK 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            What I believe to be the intent around the GDPR really hits companies that are doing custom / bespoke applications for the data processing. Especially the US ones. EU companies aren't handing off to the US just for CPU power, but for local expertise or systems.

            So the primary concerns are around database systems that can identify the points of privacy and having a means of purging them. Really, I think that having that alone covers most needs. Just the ability to "delete". Which previously, almost no one had.

            1 Reply Last reply Reply Quote 0
            • KellyK
              Kelly @scottalanmiller
              last edited by

              @scottalanmiller said in GDPR Resources:

              @kelly said in GDPR Resources:

              @scottalanmiller said in GDPR Resources:

              @kelly said in GDPR Resources:

              @jaredbusch said in GDPR Resources:

              @kelly said in GDPR Resources:

              @danp said in GDPR Resources:

              This link was posted over on another forum just today --
              https://techblog.bozho.net/gdpr-practical-guide-developers/

              Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...

              😄

              Hey, I was supporting you 😛

              You have been. It was more that @Danp was on topic. We've both followed @scottalanmiller into his overall derailment.

              Hardly a derailment, it's the core of the conversation. Outside of the EU, how does the GDPR affect you? It's totally by what local laws (sometimes in the form of treaties) present it to you locally.

              It is the core of a conversation around GDPR, but not core to the question as asked. I'm not objecting to the conversation, finding it amusing how little time has been spent on the original question.

              Well, I think digging into where it applies and where it doesn't is answering that in most cases. For most companies, knowing if it affects them or not is the primarily piece of preparation.

              For those doing deep, intentional data processing of those resources it's way, way more complex. But that's likely to be a tiny minority of companies. Mostly, I think, that's going to fall to development departments rather than IT.

              The question was asking for resources that people are using for learning about GDPR. There are very few links to other resources other than ones I've (and now @Danp) provided.

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                Lynda has a course!

                https://www.lynda.com/Business-Skills-tutorials/Learning-GDPR/693080-2.html

                KellyK 1 Reply Last reply Reply Quote 0
                • KellyK
                  Kelly @scottalanmiller
                  last edited by

                  @scottalanmiller said in GDPR Resources:

                  Lynda has a course!

                  https://www.lynda.com/Business-Skills-tutorials/Learning-GDPR/693080-2.html

                  Wow, a 13 minute "course". Lynda is setting the bar pretty low. I've spent way more time digging through materials. Even the course I linked above is several hours.

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @Kelly
                    last edited by

                    @kelly said in GDPR Resources:

                    @scottalanmiller said in GDPR Resources:

                    Lynda has a course!

                    https://www.lynda.com/Business-Skills-tutorials/Learning-GDPR/693080-2.html

                    Wow, a 13 minute "course". Lynda is setting the bar pretty low. I've spent way more time digging through materials. Even the course I linked above is several hours.

                    Yeah, I think anything "real" is going to be taught by lawyers and be pretty in depth. It's a painful topic.

                    KellyK 1 Reply Last reply Reply Quote 0
                    • KellyK
                      Kelly @scottalanmiller
                      last edited by

                      @scottalanmiller said in GDPR Resources:

                      @kelly said in GDPR Resources:

                      @scottalanmiller said in GDPR Resources:

                      Lynda has a course!

                      https://www.lynda.com/Business-Skills-tutorials/Learning-GDPR/693080-2.html

                      Wow, a 13 minute "course". Lynda is setting the bar pretty low. I've spent way more time digging through materials. Even the course I linked above is several hours.

                      Yeah, I think anything "real" is going to be taught by lawyers and be pretty in depth. It's a painful topic.

                      That is part of what attracted me to the course I linked. It is being taught by faculty at the law school the University of Groningen.

                      1 Reply Last reply Reply Quote 0
                      • KellyK
                        Kelly
                        last edited by

                        I received a response from one of the lawyers who wrote a blog post warning US companies about the potential impacts of GDPR. I don't have his permission to post his response, so I will do my best to paraphrase.

                        GDPR will fall under cross-border assertions. What this means is that EU regulators will bring an action against a US company in the EU. While the US company could accept the jurisdiction of the EU court, it will most likely ignore it. In that case, once the regulator has a judgement from the EU court it will take the ruling to a US court and ask for it to be enforced by the US court. There is a whole body of law and set of expertise around when these get enforced, but it is likely (in his perspective) that US courts will enforce the judgement because of the desire to have the opposite (US judgements against EU citizens in the EU) to be upheld by EU courts.

                        He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.

                        scottalanmillerS 2 Replies Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @Kelly
                          last edited by

                          @kelly said in GDPR Resources:

                          I received a response from one of the lawyers who wrote a blog post warning US companies about the potential impacts of GDPR. I don't have his permission to post his response, so I will do my best to paraphrase.

                          GDPR will fall under cross-border assertions. What this means is that EU regulators will bring an action against a US company in the EU. While the US company could accept the jurisdiction of the EU court, it will most likely ignore it. In that case, once the regulator has a judgement from the EU court it will take the ruling to a US court and ask for it to be enforced by the US court. There is a whole body of law and set of expertise around when these get enforced, but it is likely (in his perspective) that US courts will enforce the judgement because of the desire to have the opposite (US judgements against EU citizens in the EU) to be upheld by EU courts.

                          He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.

                          So basically the US courts are expected to become ad hoc lawmakers picking and choosing when to "have" a law and when not to, at will, without any oversight from the government or the actual lawmakers?

                          This is one of the most unbelievable indictments of corruption in the US legal system. That's insane. Zero legal oversight, just courts doing absolutely anything that they want.

                          KellyK 1 Reply Last reply Reply Quote 1
                          • scottalanmillerS
                            scottalanmiller @Kelly
                            last edited by

                            @kelly said in GDPR Resources:

                            He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.

                            If this limitation is real and reasonable, but "targeted" is a useless term here. What does that mean or imply?

                            KellyK 1 Reply Last reply Reply Quote 0
                            • KellyK
                              Kelly @scottalanmiller
                              last edited by

                              @scottalanmiller said in GDPR Resources:

                              @kelly said in GDPR Resources:

                              He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.

                              If this limitation is real and reasonable, but "targeted" is a useless term here. What does that mean or imply?

                              Goods or services (whether for sale or for free), that specifically attempt to market to EU citizens. An frequently cited example of this is when a site translates itself into the language of an EU member country when that language is not the native language of the originating country. The rest will probably have to be sorted out via case law.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • KellyK
                                Kelly @scottalanmiller
                                last edited by

                                @scottalanmiller said in GDPR Resources:

                                @kelly said in GDPR Resources:

                                I received a response from one of the lawyers who wrote a blog post warning US companies about the potential impacts of GDPR. I don't have his permission to post his response, so I will do my best to paraphrase.

                                GDPR will fall under cross-border assertions. What this means is that EU regulators will bring an action against a US company in the EU. While the US company could accept the jurisdiction of the EU court, it will most likely ignore it. In that case, once the regulator has a judgement from the EU court it will take the ruling to a US court and ask for it to be enforced by the US court. There is a whole body of law and set of expertise around when these get enforced, but it is likely (in his perspective) that US courts will enforce the judgement because of the desire to have the opposite (US judgements against EU citizens in the EU) to be upheld by EU courts.

                                He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.

                                So basically the US courts are expected to become ad hoc lawmakers picking and choosing when to "have" a law and when not to, at will, without any oversight from the government or the actual lawmakers?

                                This is one of the most unbelievable indictments of corruption in the US legal system. That's insane. Zero legal oversight, just courts doing absolutely anything that they want.

                                You went from zero to 60 pretty fast on that one.

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Kelly
                                  last edited by

                                  @kelly said in GDPR Resources:

                                  @scottalanmiller said in GDPR Resources:

                                  @kelly said in GDPR Resources:

                                  I received a response from one of the lawyers who wrote a blog post warning US companies about the potential impacts of GDPR. I don't have his permission to post his response, so I will do my best to paraphrase.

                                  GDPR will fall under cross-border assertions. What this means is that EU regulators will bring an action against a US company in the EU. While the US company could accept the jurisdiction of the EU court, it will most likely ignore it. In that case, once the regulator has a judgement from the EU court it will take the ruling to a US court and ask for it to be enforced by the US court. There is a whole body of law and set of expertise around when these get enforced, but it is likely (in his perspective) that US courts will enforce the judgement because of the desire to have the opposite (US judgements against EU citizens in the EU) to be upheld by EU courts.

                                  He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.

                                  So basically the US courts are expected to become ad hoc lawmakers picking and choosing when to "have" a law and when not to, at will, without any oversight from the government or the actual lawmakers?

                                  This is one of the most unbelievable indictments of corruption in the US legal system. That's insane. Zero legal oversight, just courts doing absolutely anything that they want.

                                  You went from zero to 60 pretty fast on that one.

                                  I just read back what you wrote.

                                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @Kelly
                                    last edited by

                                    @kelly said in GDPR Resources:

                                    @scottalanmiller said in GDPR Resources:

                                    @kelly said in GDPR Resources:

                                    He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.

                                    If this limitation is real and reasonable, but "targeted" is a useless term here. What does that mean or imply?

                                    Goods or services (whether for sale or for free), that specifically attempt to market to EU citizens. An frequently cited example of this is when a site translates itself into the language of an EU member country when that language is not the native language of the originating country. The rest will probably have to be sorted out via case law.

                                    Right, which is ridiculous. That's not targeting in any rational sense of the word. Heck, that's a built in native feature of loads of platforms.

                                    And I have sites that do that today... but not because the work with the EU but because they work with LATAM.

                                    So I can prove that that specific wording takes something that is specifically not for the EU, and gets caught up in their sweep.

                                    In fact, every US site that caters to the US' secondary language would qualify. Guess what, nearly ever Texas website has a Spanish translation. So do our billboards. But it is not a native or primary language in Texas. It's just heavily used.

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller
                                      last edited by

                                      Using "available in their language" as a form of "targeting" is about as "non-targeting" as you could reasonably come up with as an excuse. What could be broader? Short of saying any IP address that can be pingable from Europe or something, this catches mom and pop shops in rural backwaters who don't even know where Europe is in the sweep.

                                      1 Reply Last reply Reply Quote 0
                                      • JaredBuschJ
                                        JaredBusch @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in GDPR Resources:

                                        @kelly said in GDPR Resources:

                                        @scottalanmiller said in GDPR Resources:

                                        @kelly said in GDPR Resources:

                                        I received a response from one of the lawyers who wrote a blog post warning US companies about the potential impacts of GDPR. I don't have his permission to post his response, so I will do my best to paraphrase.

                                        GDPR will fall under cross-border assertions. What this means is that EU regulators will bring an action against a US company in the EU. While the US company could accept the jurisdiction of the EU court, it will most likely ignore it. In that case, once the regulator has a judgement from the EU court it will take the ruling to a US court and ask for it to be enforced by the US court. There is a whole body of law and set of expertise around when these get enforced, but it is likely (in his perspective) that US courts will enforce the judgement because of the desire to have the opposite (US judgements against EU citizens in the EU) to be upheld by EU courts.

                                        He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.

                                        So basically the US courts are expected to become ad hoc lawmakers picking and choosing when to "have" a law and when not to, at will, without any oversight from the government or the actual lawmakers?

                                        This is one of the most unbelievable indictments of corruption in the US legal system. That's insane. Zero legal oversight, just courts doing absolutely anything that they want.

                                        You went from zero to 60 pretty fast on that one.

                                        I just read back what you wrote.

                                        No you did not. You changed it. Either way, you are wrong.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by scottalanmiller

                                          Let me give an example of why this worries me...

                                          1. Fourteen year old kid in Kansas is required to take a foreign language in school. He enjoys languages and thinks it is fun. He blogs about it on his blog, in the language he is learning. let's say Portuguese because he hopes to visit Brazil, the largest speaker of that language and a major tourist destination. Or maybe he's from Brazil and posts in his native language after moving to the US. He's now under GDPR because he used Brazil's language on a US blog, that recorded IP addresses of visitors.

                                          2. The restaurant at the end of my street that only speaks Spanish puts their menu up online. Their menu is only in Spanish, as they only speak Spanish. They are under GDPR now.

                                          Will the EU take time to go after these people? No, it's silly. But the point is, that essentially everyone is going to be covered by it and the courts can just enforce at will. It's essentially a "everyone is guilty of a foreign law you have no reasonable way to know about" and it covers the most insanely trivial situations.

                                          1 Reply Last reply Reply Quote 1
                                          • scottalanmillerS
                                            scottalanmiller @JaredBusch
                                            last edited by

                                            @jaredbusch said in GDPR Resources:

                                            @scottalanmiller said in GDPR Resources:

                                            @kelly said in GDPR Resources:

                                            @scottalanmiller said in GDPR Resources:

                                            @kelly said in GDPR Resources:

                                            I received a response from one of the lawyers who wrote a blog post warning US companies about the potential impacts of GDPR. I don't have his permission to post his response, so I will do my best to paraphrase.

                                            GDPR will fall under cross-border assertions. What this means is that EU regulators will bring an action against a US company in the EU. While the US company could accept the jurisdiction of the EU court, it will most likely ignore it. In that case, once the regulator has a judgement from the EU court it will take the ruling to a US court and ask for it to be enforced by the US court. There is a whole body of law and set of expertise around when these get enforced, but it is likely (in his perspective) that US courts will enforce the judgement because of the desire to have the opposite (US judgements against EU citizens in the EU) to be upheld by EU courts.

                                            He believes that because of the limitations that GDPR places upon its jurisdiction (EU citizens being provably targeted by a US company) that there is a strong potential that this will affect US (and any other non EU) companies.

                                            So basically the US courts are expected to become ad hoc lawmakers picking and choosing when to "have" a law and when not to, at will, without any oversight from the government or the actual lawmakers?

                                            This is one of the most unbelievable indictments of corruption in the US legal system. That's insane. Zero legal oversight, just courts doing absolutely anything that they want.

                                            You went from zero to 60 pretty fast on that one.

                                            I just read back what you wrote.

                                            No you did not. You changed it. Either way, you are wrong.

                                            If I'm wrong, in what way? What am I missing?

                                            JaredBuschJ 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 3 / 6
                                            • First post
                                              Last post