Some businesses are attempting to capitalize on confusion over just who the GDPR applies to…

Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .

Several Clients have emailed a question to me this week (one even picked up that thing called a telephone, and called me): What are we supposed to do about GDPR? It turns out that several “multinational players” in the security market are using this European Union regulation to “scare up” new business. Their marketing people might want to read the regulation:

https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en#answer

The critical part: “When the regulation does not apply: Your company is [a] service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn’t specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.”

We interpret that to mean that even if you DO have customers who live in the EU,  for most community based banks in Indiana, you do not have to comply.

Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex

Dan’s New Leaf is a fun blog to inspire thought in the area of IT Governance.