by geocar 3052 days ago
I’m currently doing some GDPR consulting for an American company.

I don’t think the GDPR is as difficult as you suggest. The biggest problem companies seem to struggle with is this idea that the personal data they keep isn’t theirs and they need to protect it like anything else in their possession that isn’t theirs.

Then, there’s also the issue that Americans aren’t used to the idea that a European court might think they’re in their jurisdiction, and they don’t know how to interact with a European court. Treating them as adversaries (as is often done in the USA) doesn’t go well. The courts basically decide if you fucked up and did harm that you could’ve prevented, and not if you were technically against the law.

Are you treating someone’s personal data the way they would want you to?

Really?

If so then you’re probably better than 90% of the way there.


> I don’t think the GDPR is as difficult as you suggest. The biggest problem companies seem to struggle with is this idea that the personal data they keep isn’t theirs and they need to protect it like anything else in their possession that isn’t theirs.

You keep writing things like this, and I'm not going to just post the same reply every time, so let's try another one here.

Let us assume for the sake of debate that Privacy Shield will at some point be struck down by the courts, like Safe Harbor before it, since the fundamental objections involving US government access have not changed.

At that point, please explain the conditions under which an EU business can share PII with a US business without violating the GDPR.

Sure thing, that's described in articles 44-50. In short:

1) if the EU has declared a country "adequate", you can transfer data (there is a list of adequate countries. Canada is on it, the US with Privacy Shield too)

2) in the absence of an adequacy decision, there are other possibilities: binding corporate rules (internal rules for data transfers within multinational companies[1]), contractual arrangements (for example, the EU-approved clauses), adherence to a code of conduct with a binding commitment (look at this like some kind of "privacy certification")

3) Finally, if the above are not possible, a transfer is still possible if the subject gives consent after being informed of all risks.

So, for the sake of debate: I would go with either binding corporate rules (in case of a multinational) or contractual arrangements.

[1] https://ec.europa.eu/info/law/law-topic/data-protection/data...