by chasb
3030 days ago
GDPR has a lot of parallels to HIPAA and SOC 2. Many developers here have worked with companies subject to HIPAA, or that do SOC 2 reporting. One big difference is that the material scope of GDPR is so extremely broad: it regulates any PII that can be touched by EU law. That's important because it means that all of your SaaS vendors that touch this data may be in scope, not just your hosting stack. If you're marketing or selling in the EU, your entire growth/CRM/customer success stack will be regulated. If you have EU employees or contractors, all of their HR data is covered. I'm not sure if most companies realize this. It may be less of a problem for B2B; we'll see. Questions to ask yourself: What is the scope of GDPR personal data across your business? Are you marketing in Europe? Are you selling into Europe? What business processes touch that data?