One of the things about my role as CISO is that I get media inquiries and asked to make comment and statements. The anniversary of the implementation of GDPR is now – in May. As a result, many media agencies are inquiring about how the year has impacted us, and I have responded to their inquiries. Linked are a couple of my statements on the subject.
Here is a summary:
1. As a wholly owned and operated company within the U.S., GDPR has had little impact on us. If we had an office or real presence in the E.U., that may be different so don’t take my “no impact” statement as gospel.
2. The question is often posed, has it impacted other legislation. Sure it has – one begets another. But it is not in the way that most think. GDPR is guiding some of the privacy conversations right now – both good and bad. But the catalyst of privacy conversation in the U.S. has been because of Facebook and Cambridge Analytica in 2016-17, not GDPR. GDPR is informing the resulting California Privacy laws (CCPA), Washington state laws and any possible federal U.S. privacy laws for sure. But the catalyst is earlier.
Take a review of the news articles. Happy to have conversations of those that see it differently. I know there are different opinions and perspectives based upon how you do business and what you are involved in.
GDPR One Year Later –
States Raise Stakes in GDPR-Inspired Privacy Laws