| >I really don't understand why countries are so persistent about storing data in their country. That's not what this is. The EU is not saying "data MUST stay in the EU", it's saying "Data can only be transferred to a jurisdiction which has equivalent data protection". >It's not like the enforcers could walk into the datacenter and plug in the usb drive and get the data. No, they send a request for the data and threaten to jail anybody who even reveals that a request has been made. >And it's even hard to see what all constitutes user data. Does logging constitute user data. Article 4 of the GDPR: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person >A much saner approach should be limiting what the company is allowed to do with the data. That's exactly what the GDPR is... |