6311 - GDPR - What You Need to Know - A Panel Discussion (Mariano Benito)
The European Union General Data Protection Regulation is a huge culture change for U.S. companies doing business within the EU or with EU citizens, and for those who store these users' data in the United States. And it's coming in less than a year. Join an accomplished panel, including a practitioner from Europe, and hear how to prepare for GDPR and what companies must implement, enforce and measure. We'll also explore compliance controls and how they will change workforce behavior while still allowing EU citizens access to their data.
Understand the major requirements of GDPR, the magnitude and scope of its differences from U.S. privacy laws (think HIPAA), and truly appreciate the gargantuan task of implementing a cultural change within your workforce to avoid costly fines and breaches.
Understand the available access methodologies and choose the one that fits your needs; this choice is key. The new privacy culture will not allow read access to be granted where a workforce member has no need to see privacy data, and it will require privacy data to be obfuscated in testing.
Learn how best to architect GDPR implementation in your environment, and how to apply architectural principles to maximize effectiveness and minimize unintended consequences.
Question: If a US-based company does not directly market to the EU but does have data regarding EU citizens (think hospitals, insurance, finance) where the EU citizen is currently living in the US, do they need to concern themselves with GDPR? What would be the DPA that they would have to report to? Under what authority could the EU DPA assess penalties?