Wall Street Journal (wsj.com) video above published May 21, 2018: The European Union's General Data Protection Regulation on data privacy will come into force on May 25, 2018. This video explains how it could affect you, even if you don't live in the EU.
a16z Podcast: What to Know about GDPR with Lisa Hawke and Steven Sinofsky
"Given concern around data breaches, the EU Parliament finally passed GDPR (General Data Protection Regulation) after four years of preparation and debate; it goes into enforcement on May 25, 2018. Though it originated in Europe, GDPR is a form of long-arm jurisdiction that affects many U.S. companies -- including most software startups, because data collection and user privacy touch so much of what they do.
"With EU regulators focusing most on transparency, GDPR affects everything from user interface design to engineering to legal contracts and more. That's why it's really about "privacy by design", argues former environmental scientist and lawyer Lisa Hawke, who spent most of her career in regulatory compliance in the oil industry and is now Vice President of Security and Compliance at a16z portfolio company Everlaw.com (she also serves as Vice Chair for Women in Security and Privacy). And it's also why, observes a16z board partner Steven Sinofsky, everyone -- from founders to product managers to engineers and others -- should think about privacy and data regulations (like GDPR, HIPAA, etc.) as a culture... not just as "compliance".
"The two break down the basics all about GDPR in this episode of the a16z Podcast -- the why, the what, the how, the who -- including the easy things startups can immediately do, and on their own. In fact, GDPR may give startups an edge over bigger companies and open up opportunities, argue Hawke and Sinofsky; even with fewer resources, startups have more organizational flexibility, if they're willing to put in the work." -- source: Andreessen Horowitz
Links mentioned in this podcast and other resources:
- a16z.com GDPR resources
- GDPR compliance doc — Everlaw open-sourced this Google Spreadsheet tool, which combines documentation for GDPR Article 30: Records of processing activities; Article 32: Security of processing; and Article 35: Data protection impact assessment into one workbook (including a place to document Article 15: Right of access by the data subject)
- “Privacy by Design” foundational principles — by Ann Cavoukian, Ph.D., Information & Privacy Commissioner, Ontario, Canada
- Privacy and Security by Design: An Enterprise Architecture Approach — by Ann Cavoukian and Mark Dixon (Oracle)
- General Data Protection Regulation — a Stripe guide by Sára Gabriella Hoffman
- Be Prepared for the GDPR — Twilio whitepaper
Open-Sourcing our GDPR Compliance Preparation For Articles 30, 32, and 35 https://t.co/Om25wyhd4w — Hacker News (@newsycombinator) May 19, 2018
Tech, finance and energy cos lead the pack preparing for GDPR-compliance pre-May 25 via @mcdermottlaw @legaltech_news https://t.co/CBH8nKzWR2 pic.twitter.com/EPbSSt9rAN — Everlaw (@everlaw) May 4, 2018