Your comment came off a bit combative against me vs. the idea I'm trying to argue. Perhaps I didn't make my point very well. Let's swap GDPR for PCI compliance, which has a new standard (or fully implemented standard, if you may) coming soon. PCI deals with credit card information. My relevant background allows me to make a few assumptions:

1. If you are in the US,
2. AND you have visited a quick-service restaurant in the last five years (think Subway, Chipotle, etc.),
3. AND they use one of the major POS (point of sale) providers,

then your credit card number, name, expiration date, and CVV are in plain text.

You may know the GDPR very well, as it is your job and you are most likely very qualified for it. And yes, there are probably lots of nuances to this law. However, that's true of every single law there is, every standard, guideline, etc. I'm not entitled. I am, however, a realist who understands that you just have to comply. Taking two days to read the 88-page PDF will make you more familiar with it than most. It might not make you an expert, but for a small- to medium-sized business, it would give you the necessary tools to comply with the majority of the law. Quite frankly, I don't have a bunch of lawyers, and I do have to implement GDPR. Will there be an official review? YES. There will be folks who know more than I do and are professionals to double-check my work. But I can't tell my stakeholders "Sorry, we can't do that because it's just too tough." That seems entitled...
It’s like complying with 99% of securities laws and forgetting to comply with the insider trading laws. That’s not a defense.