Given the cross-border nature of the modern-day economy, it’s also not unusual to
see US-based companies with offices overseas, including in the EU. Personal data
processed in the context of the activities of a US-based company’s EU establishment
will be subject to the GDPR, whether the processing occurs in the EU or not.
The reality is that GDPR enforcement will begin a good ten months before Brexit
occurs. And, even after the UK leaves the EU, there is still a very high probability UK
businesses will be subject to GDPR compliance requirements because the GDPR applies
to the personal data of all EU residents. Given there are many EU residents living in the
UK and UK businesses will continue to do business with residents of EU countries, the
GDPR requirements will still apply to UK businesses long after Brexit is completed.
As long as the data can be traced back to or associated with an individual who was in the
EU at the time the data was collected (a “data subject”) via a name, ID number, or some
other physiological, genetic, or similar factor, then that data will be considered within
the scope of GDPR protection. As an example, contact information gathered from
prospective customers must have been gathered in compliance with the GDPR notice
and consent requirements to be used for marketing purposes after May 25th, 2018.
So, even if a data controller is not storing personal data (i.e., it uses a third party to
store such data), the data controller will still be held responsible for compliance with
the GDPR. Both controllers and processors share responsibility for meeting GDPR
requirements.
Under this article, businesses must do what is appropriate to ensure data security,
which includes, but is not limited to and is likely more than, pseudonymization and encryption.
Information governance technologies that address data retention and defensible
disposition issues are examples of additional measures that enhance data security.
Next steps
The issues discussed above are currently top-of-mind for many security, compliance, and
IT professionals tasked with meeting GDPR requirements. To assess your organization’s
readiness, review this blog post for a planning timeline and identify the next steps that
make the most sense for you.