As part of my job, I travel and speak at events globally, so I’ve heard a lot of buzz about GDPR for the better part of the last year. While I focus more on open source and application security, I’ve been paying close attention to how the EU is handling data privacy and protection. One of the best questions I’ve heard asked was “I don’t do business in the EU, so I’m safe, right?” The answer was enlightening for me—“Unless you ensure no EU users are in your dataset, you’re likely impacted.” Put another way, if you have an online presence and save personal data on users, you might have an EU user. Even if you do business only in non-EU countries, there’s nothing to say that an EU citizen isn’t doing business with you. For that matter, you could have existing customers who move to the EU and become EU residents. In other words, GDPR is complicated. Seek out responsible legal advice to make a proper determination of the risks at your organization to ensure that you’re following the guidelines laid out.