However, amongst all the noise about GDPR, there is one topic I have very rarely seen being discussed; even on LinkedIn where everyone seems (or claims) to be some kind of expert.
It's a topic which has bothered me since I first read about it and had hoped to see more about.
Article 27 Representatives of controllers or processors not established in the Union
Maybe BREXIT is a long way away. Maybe the experts think we can only focus on one thing at a time, but why is this not all over the place?
If, post BREXIT, my e-business sells to EU nationals will I need to appoint an EU Representative?
The UK will be outside the EU. There is no UK EC Privacy Shield Working Group I know of.
Will business end up with further layers in a EU-UK Privacy Shield type scenario?
What about a UK-US Privacy Shield workload?
Clearly, DPA (2017) should/could take care of all of the last two but what do I do about Article 27 and when do I do it?
The large multinationals will be okay. What about my friend who sells loads of eLiquid online to Irish customers? Who is talking to him about the potential impacts and why GDPR does matter even despite BREXIT?
Again, those of you who know me will understand that I often know (or think I know) the answer before I ask a question like this.
As always, I have my opinions. As always, I am willing to be proven wrong.
Is there anyone out there who can assure me this is at least being discussed. The world is changing. eCommerce and the Cloud can make every business multinational and multi-jusridictional.
Personal Data is Gold. Protection of it is very important. Is enough being done to let small businesses know about the impacts - potential and real - that GDPR, DPA (2017), EU US Privacy Shield and their ilk will have on them?