How privacy demands in software development has changed since the introduction of GDPR

Nikolai Norman Andersen

Experience report (30 min)Thursday: 14:15 - 14:45Kongesalen 1

It’s been years since GDPR went into effect and we now have court rulings that tells us how to interpret it. There exists no practical way to transfer personally identifiable information to the U.S. The use of public clouds is in a questionable state due to U.S. ownership. Remote work from outside the EEA may not be possible.

This talk will give you a timeline on what has changed. I will talk about court rulings that defines how we interpret GDPR after Schrems II and I will give you insight from my time working as a Data Protection Officer in a Healthcare-startup. This talk will give you a clearer picture of the state of privacy in the EEA and leave you with a better idea of what your business or project needs to be aware of.