Explore the implications of GDPR on US data protection laws and infosec standards in this ShowMeCon 2018 conference talk. Delve into the key aspects of GDPR, including its scope, principles, and requirements for controllers and processors. Examine the lawfulness of processing, enumerated rights, security measures, and breach notification protocols. Analyze the conditions for consent, automated decision-making, and the right of erasure. Gain insights into enforcement against US companies and receive general advice on GDPR compliance. Learn about certification bodies, codes of conduct, and the potential impact of GDPR on analytics and logs.
Overview
Syllabus
Intro
Outline
US Data Protection Law
What is the Infosec Standard of Care?
General Data Protection Regulation
Subject Matter Scope
Territorial Scope
Controllers and Processors
General Principles
Lawfulness of Processing
Enumerated/On-Demand Rights
Security Requirements
Breach Notification
Conditions for Consent
Consent as a Condition of a Service
Super Duper Flashlight 3000
NOYB.EU Litigation
Right of Erasure
Automated Decision Making
Analytics and Logs
Certification Bodies and Codes of Conduct
Enforcement Against US Companies
General Advice
