| ▲ | Barrin92 3 hours ago | |
Under GDPR if a company processes European user data they're obligated to make a "Record of Processing Activities" available on demand (umbrella term for a whole bunch of user-data / identity related stuff). They don't necessarily need to store them onsite but they need to be able to produce them. Saying you're an internet company doesn't mean you can just put the stuff on a server in the Caribbean and shrug when the regulators come knocking on your door That's aside from the fact that they're a publicly traded company under obligation to keep a gazillion records anyway like in any other jurisdiction. | ||
| ▲ | chrisjj 2 hours ago | parent [-] | |
> They don't necessarily need to store them onsite but they need to be able to produce them. ... within 30 days, right? The longest "raid" in history. | ||