September 15, 2018 at 12:39 pm
Comments posted to this topic are about the item We Need Data Privacy Consistency
September 17, 2018 at 9:31 am
I have only looked at the surface of these laws. Specific implementations are left up to the organization to determine just like implementing a protocol - the protocol spells out what it must do and the implementation actually does it in one form or another. I see some good ideas passed but they seem to me to be like protocols and not implementation. I think the actual implementation is what we need - the teeth of the beast. I've been interested in Privacy Engineering. I think this is our best chance. Privacy built up from the codebase instead of top-down from policy.
September 17, 2018 at 10:31 am
Except a legal framework will never be up to date with what is a good idea here for implementation. Personally, I like the idea of giving us boundaries and then we have to determine what implementation satisfies them.
The exception is that I'd prefer laws do amend over time with which items are not suitable. So, for encryption, we'd toss the DES algorithms and say these aren't secure. Even TripleDES might be one that you say must be upgraded. For hashing, no RCx's allowed.
September 17, 2018 at 1:38 pm
I am curious about what will happen when the Brexit is complete. I am assuming that UK companies will still need to be GDPR compliant as they will most likely still be doing business with citizens from EU countries. But will the UK pass a new set of laws similar to GDPR (GDPRUK, for example)? Will there be a second round of updates for UK companies to become compliant with GDPRUK and GDPR and for EU companies to become GDPR and GDPRUK compliant? It seems like there are no guarantees that the UK rules will be the same as the EU rules, nor will they have to stay the same over time. What has the discussion been around the whole Brexit/GDPR issue?
September 18, 2018 at 12:44 am
chris.laxdal - Monday, September 17, 2018 1:38 PM
I am curious about what will happen when the Brexit is complete. I am assuming that UK companies will still need to be GDPR compliant as they will most likely still be doing business with citizens from EU countries. But will the UK pass a new set of laws similar to GDPR (GDPRUK, for example)? Will there be a second round of updates for UK companies to become compliant with GDPRUK and GDPR and for EU companies to become GDPR and GDPRUK compliant? It seems like there are no guarantees that the UK rules will be the same as the EU rules, nor will they have to stay the same over time. What has the discussion been around the whole Brexit/GDPR issue?
We would take GDPR as it stands as most of the legislation came from the UK anyway. As far as future changes to legislation, I'm afraid I broke my crystal ball just the other day, but would hazard a guess that any changes to it would be minor or be changed for a very specific reason.