Reply to post:

Say GDP-aaaR: UK's Information Commissioner pours £275k fine into London pharmacy's teaspoon

Mephistro Silver badge

"If, in our opinion, we need certain data, but in the EU’s opinion we don’t..."

Quoting the relevant USA laws regarding mandatory data retention in the terms and conditions and the forms would get rid of the issue.

"the cost would not be peanuts, and it would be on-going, as it would apply _every time we added a new EU-based client."

That's what this newfangled things, automation and IT, are for. In this context, very easy stuff unless you or your "partners" are intent on selling clients data to "third parties". If this is the case, things get exponentially more difficult, which is, IMHO one of the main points of GDPR.

"you have to delete data on demand..."

This can be done through an user facing form and some simple database code, unless -again- the company involved is trying to slurp as much data from customers as they can.

"we are not leaving holes in our databases..."

Why? Do you intend to keep customers data forever? For what reason?

It might well be the case that it makes sense for your business to geoblock the EU and if this the case, please geoblock at your leisure, but I get the impression that many American companies doing this could have been misled in regard to the GDPR and its application.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020