EU General Data Protection Regulation (GDPR)

Be aware of the new EU directive, Preparing for the General Data Protection Regulation (GDPR). The penalty is high and it includes some businesses outside the EU as well!!

Who is affected by GDPR: https://www.eugdpr.org/gdpr-faqs.html

Find more here:

https://www.eugdpr.org
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

Up to 4% of the yearly revenue if I understood it correctly.
Not even 4% of the profit, but of the revenue. Ouch.
I know Xojo (the company) is aware of it and working on it, but yes, we all need to prepare for it since the deadline is 25th of May 2018, after which the fines for non-compliance come into effect.
Any company that deals with European customers will have to comply.

[quote=365380:@Dirk Cleenwerck]
Any company that deals with European customers will have to comply.[/quote]

Good luck enforcing that one.

My interpretation is that even receiving an email with personal sensitive data is a problem. How many of you have so far deleted this data, or even saved a local copy? And are they still there???

And not just European revenue, but 4% of world-wide revenue!

In our application, we have a client and contact part and the stock part.

When a stock item is bought from a third party, we have a connection to the client/contact who sold the item to us, and when it is sold, we have the connection for the buyer in the client/contact table.

So if an EU client buys a painting from one of the art galleries using my application, how do I send them an invoice or email them the PDF if nothing about them can be kept??? Or how long can the application keep information like email, address, telephone no. etc.???

What about all the old backups that still have that information regarding the client/contact??
Can I still keep the client/contact record without the email/telephone/address etc.??

@Richard Duke
I think, as far as I can remember, GDPR's main focus is on data in possession, not on data in transit between two or more sides.
If my memory is right, then having data encrypted in local storage, in the form of a database or file (aka data streams), which protects your DBMS/app data, is good to go for a start.

Or €20 million, whichever is greater.

I’ve only read parts of this, but it seems like the easiest and safest way to be in total compliance is to simply stop doing business in the EU.

Unfortunately that’s what bureaucrats don’t consider. Might very well hurt European businesses.

It's also kinda vague… is keeping an electronic copy of an invoice for software I sold to an EU citizen considered a violation?
If so, how is one supposed to keep in communication with them for future updates etc.

That’s an exception. You are allowed to keep data that is required for the day-to-day running of your company, such as for instance the data you need to be able to send an invoice.
Also company info is usually ok, unless that company can be reduced to a person (for instance a self-employed person that has a one person company). It’s all about protecting personal data.
So for instance you can keep support@company.com, administration@company.com, accounting@company.com
But you cannot keep dirk@company.com without having dirk@company.com agreeing to the fact that you are storing his info (because dirk is a person, whereas support is not)
Also for mailings you need to specify what they will get: for instance sending an invoice is always ok, but you can’t say as in the past to “sign up for our mailing”. You need to specify for instance: to receive commercial ads, to receive product info, to receive mails for lessons… You need to split it up nowadays and give people the choice of what they want to receive.

The short version: it’s a big fat mess for small companies, caused by the fact that big companies (Facebook, Google, …) abused their situation and the EU wanted to regulate it as a consequence. The fact that bureaucrats decided means we now have a mess.

More, the multi-nationals will be able to afford compliance. How will small-to-medium businesses compete?

Big regulations favor big companies and work to stamp out their smaller competition.

[quote=365433:@Dirk Cleenwerck]That’s an exception. You are allowed to keep data that is required for the day-to-day running of your company, such as for instance the data you need to be able to send an invoice.
Also company info is usually ok, unless that company can be reduced to a person (for instance a self-employed person that has a one person company). It’s all about protecting personal data.
So for instance you can keep support@company.com, administration@company.com, accounting@company.com
But you cannot keep dirk@company.com without having dirk@company.com agreeing to the fact that you are storing his info (because dirk is a person, whereas support is not)
Also for mailings you need to specify what they will get: for instance sending an invoice is always ok, but you can’t say as in the past to “sign up for our mailing”. You need to specify for instance: to receive commercial ads, to receive product info, to receive mails for lessons… You need to split it up nowadays and give people the choice of what they want to receive.

The short version: it’s a big fat mess for small companies, caused by the fact that big companies (Facebook, Google, …) abused their situation and the EU wanted to regulate it as a consequence. The fact that bureaucrats decided means we now have a mess.[/quote]

And some people use things like an email address as part of a serial number (in its generation), and maybe use it as the unique ID for the serial number. Regulations like this make that serial number system illegal.

My knee-jerk reaction to this regulation is to stop doing business with anyone in the EU. Granted, that is just a knee-jerk reaction and not what I am going to do.

I’ve only skimmed it, but doesn’t it just (and I use the word “just” with tongue in cheek) insist that you document how you store and process any data you use, and that you make such processes and intentions clear to everyone?

I don’t remember seeing anything that says you can’t store the data at all.

https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf

But more likely, just continue on as normal and just ignore it, like most Americans do when EU tries to regulate our business.

I think many Europeans don’t know our concept of a tax nexus, and that many businesses go out of their way to avoid creating tax nexus in another state. If Americans are willing to laugh off the requests of other states, what about other countries?

Until the United Federation of Planets comes along and we are pixelated across a planetwide system, what are they going to do? The best stock response is “Call our President and discuss it with him.”

Hahaha yes!

I have our corporate lawyer looking into this further - and the myriad thoughts above show just how unclear the rule is. However, after a row with a Canadian user and a Spanish user over our mailing lists (which they actually had to sign up for manually in the first place), we’ve put our mailing lists on hold until we get a proper legal response that defines in exact, in-use terms how we must proceed.

This course may be of interest

https://www.futurelearn.com/courses/general-data-protection-regulation/1

[quote=365482:@James Dooley]This course may be of interest

https://www.futurelearn.com/courses/general-data-protection-regulation/1[/quote]

I have signed up to take it over the next month (~3 hours of videos/week for 4 weeks.)