European Union GDPR regulations, (of which has caused a great...

European Union GDPR regulations, (of which has caused a great amount of work in corporate world) are not only applicable to Eu countries:

First part explain what GDPR is

Second part on how this effects US companies,

Third part is how this will interact with WHK

What GDPR is?

The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1]Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personal data of individuals (formally called data subjects in the GDPR) inside the European Union, and applies to an enterprise established in the EU or—regardless of its location and the data subjects' citizenship—that is processing the personal data of people inside the EU. Controllers of personal data must put in place appropriate technical and organisational measures to implement the data protection principles."Data protection by design and by default", means that business processes that handle personal data must be designed and built with consideration of the principles and provide safeguards to protect data (for example, using pseudonymization or full anonymization where appropriate), and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit, informed consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation or unless the data controller or processor has received an unambiguous and individualized affirmation of consent from the data subject. The data subject has the right to revoke this consent at any time.A processor of personal data must clearly disclose any data collection, declare the lawful basis and purpose for data processing, and state how long data is being retained and if it is being shared with any third parties or outside of the EU. Data subjects have the right to request a portable copy of the data collected by a processor in a common format, and the right to have their data erased under certain circumstances. Public authorities, and businesses whose core activities centre around regular or systematic processing of personal data, are required to employ a data protection officer (DPO), who is responsible for managing compliance with the GDPR. Businesses must report any data breaches within 72 hours if they have an adverse effect on user privacy.The GDPR was adopted on 14 April 2016, and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.[dubious – discuss] In some cases, violators of the GDPR may be fined up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.

How this effects US Companies

For U.S. companies, EU-directed online marketing forms and interactions will have to be adjusted to obtain explicit consumer consent. In the language of the GDPR, consent must be “freely given, specific, informed, and unambiguous.”For example, say a Chicago-based software company is looking to run a campaign in France and has set up a webpage to collect email addresses for a white paper. At the very least, the company will need a checkbox -- without a default “x” in it -- accompanied by clear language about what it will be doing with these email addresses. And it’s not allowable to ask the user to click on a link to a long “terms and conditions” document filled with legalese.This can get more complicated when a customer signs up for a service or buys something. The vendor will need to obtain explicit permission for each type of processing done on the personal data (i.e., email promotions or sharing with third-party affiliates will have separate checkboxes).Once the data is collected, U.S. companies will then have to protect it under the GDPR’s rules. For those that already follow existing data security standards (e.g., PCI DSS, ISO 27001, NIST), these new regulations should not be a burden.However, the tough new GDPR 72-hour breach notification rule will certainly require IT departments to up their game.

Interaction with WHK

(1)

The recent 'contract' with the US Government - targeting in particular the supply chain, which from memory can involve 3600 separate entities, each of these will need to be 'vetted' for GDPR compliance, should that company have any dealings with the EU. After all compliance in dealing the US Government, where ever in the supply chain a company sits, is a pre-requisite. I would imagine, and will ask WHK directly if they are doing any work in this area. But my thoughts are that the sort of platforms that WHK are developing, makes a very good fit with this legislation - 'an off the shelf solution'.

(2) What if, (or should i say when) the U.S. follows suit with similar legislation, WHK can be well positioned to 'vet' any company within the USA. We are not talking about the big boys here, as they have already enacted GDPR, but the potential for dealing with companies that do not have this, as they have no interaction with the EU. And there a hundreds of thousands of them.

This is a new industry, albeit a subset of the broader IT industry, and will be watching very closely how WHK position themselves..