We had a unique opportunity to talk with data privacy attorney Sheila FitzPatrick. She lives and breathes data security and is a recognized expert on EU and other international data protection laws. FitzPatrick has direct experience representing companies in front of EU data protection authorities (DPAs). She also sits on various governmental data privacy advisory boards.
During this first part of the interview with her, we focused on the new General Data Protection Regulation (GDPR), which she says is the biggest overhaul in EU security and privacy rules in twenty years.
One important point FitzPatrick makes is that the GDPR is not only more restrictive than the existing Data Protection Directive (breach notification, impact assessment rules) but also has far broader coverage.
Cloud computing companies, no matter where they are located, will be under the GDPR if they are asked to process personal data of EU citizens by their corporate customers. The same goes for companies (or controllers in GDPR-speak) outside the EU that directly collect personal data: think of any US-based e-commerce or social networking company on the web.
Keep all this in mind as you listen to our in-depth discussion with this data privacy and security law professional.