Dear Sara

Dear Sara,

I am an IT Director at a small company here in Pennsylvania. I was browsing Twitter™ a couple of days ago and saw several references to GDPR, the General Data Protection Regulation. Apparently, it is some onerous requirement about European resident privacy. I mentioned it to our CEO, but she told me not to worry about it as we don’t do business in Europe. Is that right?

Thanks
I-dunno

Dear I-dunno,

In my best lawyerly speak, the answer is it depends. If you have absolutely no business in Europe, then GDPR may not apply. However, do you have a website? Do you have a contact form? Does your website use cookies? If so, you will need to validate that you have not collected any EU resident’s personal data (name, address, IP address, etc.).

Good luck
Sara

——————————————————————————————————

Dear Sara,

Apparently, I have been hiding under a rock for quite a while and I just realized that GDPR is coming out this Friday! Is there anything I can do between now and then?

Thanks
Head-Buried-in-the-Sand

Dear Head-Buried-in-the-Sand,

There are two solid things you can do before GDPR comes into effect on Friday, May 25th, 2018. The first is to recognize that you have a problem. Guess what? You’ve already done that! Congrats, take the rest of the day off… Just kidding. The first step I would take, and in keeping with the intent of GDPR, is working to identify the EU personal data that you possess and then protecting it. Doing that will likely keep you in good stead as you work to implement the rest of it over the near future.

Have fun storming the castle!
Sara