I work for a big $company in the US. The lawyers are freaking. At this point we are simply documenting any use of Personally Identifiable Information, which in our case (since we don't store any) means providing a list of API endpoints at which such data enters and exits the system. It seems like a high CYA factor, but the company has deep pockets so wants to be safe. We have heard that phase 2 will be to provide on-demand data expungement, although again in my team we don't keep it to begin with.
It's keeping one poor bastard busy for a few days making a spreadsheet.
The way forward always starts with a minimal test.
Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
Want more info? How to link or
or How to display code and escape characters
are good places to start.