1. Under GDPR, it is illegal for a small business to take someones contact information from a...
Question:
1. Under GDPR, it is illegal for a small business to take someone’s contact information from a business card or a LinkedIn connection’s contact details and adding this information to the firm’s database without his/her direct consent. Receiving someone’s contact information doesn’t imply consent. What is your opinion of this rule?
2. The United States does not have a federal law like the GDPR. Do you think that such a law should be enacted? Why, or why not?
3. Should American firms, with no offices outside the U.S., be exempt from the GDPR even though they have customers in the EU?
4. If a small business has EU customers and also does business in all 50 states, experiences a data breach, it must notify every state within 72 hours according to the GDPR. What is your opinion of this provision?
5. Some small businesses have turned to “penetration testing” to determine the security of their data. This means hiring a “white-hat hacker” to see if they can break-in to the company’s database. Do you think this is a good way to test data security?
Step by Step Answer: