Not just the legal team. Every time there’s new legislation like this, a new set of contractors pops up offering to walk your company through what it needs to do to be compliant. Nobody is quite sure what the limits are–and nobody will be for several years until court precedents work out the issues–so those contractors are going to tell you to assume the worst-case interpretation.
PCI Compliance (technically a contractual obligation rather than legal), Sarbanes-Oxley, and GDPR were good things, but all of them spawned a sub-industry of grifters.
Is it even the legal team though? This just feels like someone playing malicious compliance.