Data443 Risk Mitigation Inc (ATDS)

[stockvaper]

Good question. It sounds like it's still in the process of tests and rulings.

Will GDPR Rules Impact States and Localities?

"The European Union's General Data Protection Regulation (GDPR) May 25 enforcement deadline is fast approaching, but state and local governments shouldn't worry, say experts.

GDPR is a set of strict rules that give European Union (EU) citizens control over their personally identifiable information (PII).

The rules have instilled fear in a number of these entities, which may face fines of up to 4 percent of their annual global revenue or 20 million euros, whichever is greater, should they fail GDPR compliance. But what about state and local governments?

REGULATORS EXPLAIN GDPR'S IMPACT ON GOVERNMENT
“If a third country processor like a U.S. government agency is not targeting the European market with goods and services, then they would not have to abide by GDPR,” said Dirk Hensel, a spokesman for Germany’s federal commissioner for Data Protection and Freedom of Information. “I don’t think we’ll see too many of these cases are relevant.”

However, if the state of Florida’s tourism department, for example, launches a promotional campaign to target residents living in Europe to come visit the Sunshine State, then any PII data collected on those German citizens by the state of Florida would likely fall under GDPR requirements, he explained.

One point Hensel noted, however, is if the Florida tourism department relied on an advertising agency to run its promotional campaign and interact with Germany’s citizens, then it is the advertising agency that needs to abide by GDPR..."

"...HOLDING EU CITIZEN DATA NOT AN OPTION
Although the impact on state and local governments is expected to be minimal, government agencies are still taking stock of where they potentially stand when it comes to complying with GDPR and safeguarding PII data of EU citizens.

The Washington state Office of Privacy and Data Protection (OPDP) held a staff meeting in March to discuss GDPR issues, according to Will Saunders, senior program manager for open data at Washington’s OPDP.

Alex Alben, Washington state chief privacy officer, led the discussion on how much risk Washington state faces under GDPR and one of the issues considered, for example, is the number of Europeans who receive services from the state and what potential risks that could mean to Washington state, Saunders recalled.

“The number of Europeans receiving state services is pretty minimal and the state is already taking efforts to keep its PII to a minimum,” said Saunders.

GDPR consultant Sheila FitzPatrick, founder of FitzPatrick & Associates, said state and local governments will not likely have a lot of PII data on European residents, compared to federal agencies.

“Governments tend to hold onto data, but under GDPR, in most circumstances, they won’t be able to do that,” she warned. “Federal, state and local governments are not exempt under GDPR....”

http://www.govtech.com/data/Will-GDPR-Rules-Impact-States-and-Localities.html