Page 63 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
As with the offering of goods and services, there needs to be a certain degree of targeting at people in
EU countries. For example, if you merely collect web traffic data without targeting individuals in the EU,
this is unlikely to be covered.
What Does This Mean for American Companies?
This all means that GDPR will affect a lot of American companies, whether or not they have any specific
presence in the EU.
If you are not established in the EU, but a small proportion of your revenue comes from people in those
countries, then you are faced with a choice. You could choose to stop providing (or at least marketing)
your goods and services to these people in order to avoid taking the steps necessary for compliance.
But remember that most of GDPR’s rules are good practice in any event. Adhering to them shows your
customers that you take data security seriously, and it puts you in a good position if state or federal
government ever decides to enact similar legislation at home. This is very likely, and will be happening for
companies under the scope of the California Consumer Protection Act (CCPA) by 2020.
Cutting yourself off from European markets could ultimately limit your future growth. By contrast, working
to make your organization and its products GDPR compliant, whether on your own or with help, is an
investment which is likely to pay off in the long run. TrueVault, for instance, offers products that make
your applications and data warehouses GDPR compliant.
Some (Limited) Exemptions
There are very limited categories of processing exempted from GDPR:
- Processing related to activities which are outside of EU law.
- Processing related to law enforcement and immigration control.
- Processing by individuals carrying out purely personal or household activities (such as keeping an
  address book).
As can be seen, none of these will apply to the vast majority of organizations.
GDPR will apply across the business world, wherever organizations have an EU presence or deal with
the personal data of people in the EU. The sanctions for breach will potentially be harsh.
As a result, it is vital to check whether your organization is covered by the new rules, and if so to take all
steps necessary to make it compliant.