Latest questions:
Trending questions:
Hot questions:
GDPR and other regulation
1 answer
When such conflicts arise between the foreign regulation (GDPR) and an analogous one from the US, I follow the same logic as I would when the same sort arises between State and Federal in the US only. I assess what the requirements actually are from both sources, craft a policy to encompass them both, without redundancy, noting the source in each case, and where durations come into it, I go with the longer term for its being stricter (in the regulatory sense).
I attempt always to avoid administrative complications and burdensomeness, where possible, in an attemtp to keep things simpler, but I make certain to exert a "good faith" effort to demonstrate to authority that I mean to achieve compliance with the regs. I likewise try to keep things in balance even so to ensure that they are livable for the business; including regular monitoring to facilitate continuing compliance, not just its initial achievement.