Colorado Rocky Mountain Chapter - ACP

ACP Chapter Meeting June 2018
What we need to know about the GDPR, the new Data Protection Initiative from the European Union

Many US companies have been preparing for a very large change in privacy regulations initiated by the European Union, and the June meeting of ACP brought valuable information about those changes to our members. Through a highly informative presentation by Jennifer Kurtz* of Manufacturer’s Edge, the group learned the basics of the new regulations and gained an understanding of the impact on our DRBC responsibilities and our companies’ practices.

What is the GDPR, and who should care about it?
Known as the General Data Protection Regulation, the GDPR is an expansion of the 1995 European Union Data Protection Initiative. The regulation was finalized in 2016, and the deadline for compliance with GDPR was May 25, 2018.

The GDPR addresses the rights and practices of different communities of data users that act with and within the European Union: data subjects (e.g., individuals whose characteristics or behaviors are being monitored), data controllers (those who possess sensitive data pertaining to data subjects, e.g., an online retailer), and data processors (those who work on behalf of the data controller, e.g., an email automation service).

What are the underlying principles of the GDPR?
  • Fairness
  • Lawfulness
  • Transparency
  • Consistent purpose
  • Data minimization
  • Accuracy
  • Time limitation 
  • Integrity
  • Confidentiality
  • Accountability 

How do EU privacy expectations and practices differ from those in the US?
USA | EUROPE
Underlying philosophy: right of expression; right to inform; right to privacy/right to be left alone (Louis Brandeis, 1890) | Underlying philosophy: right to be forgotten; right to erasure (essentially, right to delisting or delinking)
No uniform nationwide standard | EU minimum standard
50 different approaches (AL enacted data breach notification law 4 April 2018) | Possibility of country-by-country “add-ons”
Indefinite purpose/unlimited retention | Specific purpose/limited retention
Vermont: most aligned with GDPR as of early June with law passed requiring data brokers to register with the state, take standard security measures, and notify authorities of security breaches. Consumer rights to legal action if personal data used to discriminate. | Article 8 of the European Convention of Human Rights (ECHR) clearly specifies that “everyone has the right to respect for his private and family life, his home and his correspondence.”
California: proposed California Consumer Privacy Act of 2018 would include GDPR-like consent option and redress for breaches |

*Jennifer Kurtz works with Manufacturer’s Edge clients to protect their information assets and achieve compliance with security standards like ISO 27001 and NIST 800-171. Since 2011, Jennifer has promoted the success of hundreds of small businesses through work with the Denver Metro and Pikes Peak SBDCs, and co-led the Leading Edge for Transportation / Construction Industry and the Growth Catalyst Business Coaching programs. She has developed and taught graduate courses in cybersecurity and project management at Regis University since 2011; authored Hacking Wireless Access Points: Cracking, Tracking, and Signal Jacking (2016) and a chapter of The Data Breach and Encryption Handbook (2011); written numerous articles on cybersecurity, economic development, and eGovernment; and designed online cybersecurity courses for small businesses and individuals. Before moving to Colorado, Jennifer was IT manager for an international automotive manufacturer, project manager for the Indiana manufacturing extension partnership, affiliate faculty at Ball State University, and award-winning director of ecommerce for the State of Indiana. She holds an MBA and a PMP certification.

​© 2022 Association of Continuity Professionals - Colorado Rocky Mountain Chapter