AmericanThunder
Super Moderator
I have been aware for some time that the old Data Protection Act is being replaced by the General Data Protection Regulation, (GDPR).
The GDPR is an EU directive to better protect individuals' data.
I have been involved in a project at work since I started back in November. The implications are huge, but I will try and summarise:
1. GDPR means that companies are responsible for the data they process on individuals.
2. You have to opt-in to marketing (of all types). The old opt-out will be a thing of the past.
3. It applies to any company that processes data relating to EU individuals.
4. Brexit will have no impact on it.
5. Individuals have the right to be forgotten.
6. Individuals have the right to view data held on them.
7. Individuals have the right to transport data held on them.
8. Individuals have the right to rectify data held on them.
9. It comes into force on May 23 2018.
I'm happy to clarify any points to the best of my knowledge for anyone interested, but remember that this directive is as yet untested so there is no case law to test any of this out.
So why have I started this thread?
Well, US based companies that only supply goods and services to the US are exempt from GDPR. They will have to comply with a variation of it, but it's less stringent. My concern is that when we try and buy goods from our favourite suppliers after May next year we may find it more difficult. Why?
Well:
1. If a US based company supplies you your spare parts they are processing data on an EU resident. This means GDPR applies and they will have to be set up to deal with it, which includes the company having to employ the services of a data protection officer.
2. Many of the processes required to achieve GDPR compliance are similar to existing standards such as ISO27001 and indeed many companies will adopt ISO27001 as a huge stepping stone in achieving GDPR compliance.
3. Adopting either ISO27001 or GDPR will cost money.
4. Data protection officers are in very short supply and as a consequence will command big money regardless of whether they are employed directly by a company or contracted to them and others.
My fear is that many of our usual suppliers will simply either not bother, which means they will not be able to supply us our goods and parts, or the additional cost incurred will be passed on to their customers, and those outside the US in particular.
It's also possible that we will see the emergence of more dedicated shippers based in the US that are GDPR compliant. You will place your order with them and they will deal with compliance issues and ship your goods to you. Of course, this will also incur costs that ultimately we will end up paying for.
Even current suppliers like RockAuto, Ultimate Spares of America and US Automotive are also likely to pass these costs on.
I suspect our hobby will become even more expensive from next year. Hopefully I'm wrong!