Fact or Fiction About Some Key Aspects of GDPR

Published in Adotas on 5/15/18

Unless you’ve completely unplugged for the last year or two, you’ve no doubt heard the term GDPR at least a few times (and probably more than a few). As with any new legislation, the General Data Protection Regulation has generated plenty of discussion about the new law and how it will impact businesses around the world. Not surprisingly, some of the seemingly common understandings of GDPR are more accurate than others. So, let’s take a look at some of the topics you may have read about and see how they measure up to reality.

One quick note – the author is not a lawyer and no information in this article should be taken as legal advice. It is always recommended that companies obtain professional legal guidance on matters pertaining to industry regulation or legislation, like GDPR. With that caveat, let’s get started.

GDPR reaches companies beyond the EU – TRUE

After some initial confusion, I think most people understand that GDPR is not just a regional issue for companies in the EU. Unlike many regulations, GDPR is not reliant on a company having a physical presence in the region in order to be impacted. Technically, if a company collects, stores, or processes any personal data from subjects in the EU, then they must comply with GDPR regarding that data. An important point here is how the GDPR defines ‘personal data,’ which the regulation does spell out with reasonable clarity. It goes beyond what we in the US consider Personally Identifiable Information (PII) to include items like IP Address.

Read the entire article at Adotas.