By now, we are ALL aware of those four little letters – G D P R
You’ve made sure that Consent is the absolute last “port of call” for obtaining and using personal data (the other Lawful Basis of Processing can be seen here https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ )
You’ve audited your data, removed irrelevant or excessive data, created life cycles and retention rules, designed-in the ability to provide a relevant copy, and implemented strong and strict Data Loss Prevention systems (manual and automated).
All is looking good – you’re set; let’s go and make some money (to pay for all this regulatory change) and pay our colleagues.
Then along comes the US #CLOUD Act – a nifty bit of legislation that will cut through all that pesky protection and compel US companies to give them, and other Governments, access to your data without your ability to lodge a complaint, and without warning.
If this gets Congressional approval, it makes a mockery of the GDPR and undermines its basic premise of personal privacy.
If you’re in the US – you can make a difference – click here to Stop the CLOUD Act
Elsewhere, chat with your MP (or Parliamentary representative), the local Data Protection Registrar (eg ICO), your central Government Justice agency – heck, anyone who may be able to help understand the interference this causes.
In the UK, how will the CLOUD Act affect #GDPR and what will the effect be of data stored in the UK by US companies like MS Azure, AWS or GCP? Does the upcoming Data Protection Act take it into account?
Read more about it: