zlacker

>>grabeh+(OP)
Exactly. People try to explain to me how it is impossible to comply and usually it turns out that it would be easy. I think the problem most of time that people misunderstanding the requirements or not reading GDPR (not even TLDR versions).

>>Stream+Y
It is easy if they believe particular person's interpretation. But that doesn't mean they are right. People have huge problems with interpreting written word if it is not written without a room for interpretation and if you add to the mix bureaucrats that have targets to meet you'll see it will not be easy at all.

>>merino+m1
Am in EU, am involved in some compliance stuff and have talked to plenty others at other companies, and it really does seem to be a nothing-to-see-here for all companies except the sleezy ones.

>>willva+E1
In all of my research, talking to lawyers, and seminars on GDPR, it is about:

1. Ask permission for collecting data

2. Keep sensitive data safe

3. Restrict access to said data

4. Keep a log of what happens with the data

5. Delete it upon request

6. Have all of the above documented and adhere to the protocol.

It's such a none issue unless you're relying on the very thing GDPR is designed to combat. If you not collecting and selling peoples data, and you don't do the above already, see this as a good opportunity to do what you should have been doing all along. There is such an awareness now, that it's the easiest it has ever been to know how to handle sensitive data properly.

>>hvidga+u2
Yes.

And even (1) isn't always needed. There are several justifications for processing personal data, and permission is only one of them. (Although for compliance it is the easiest)

https://gdpr-info.eu/art-6-gdpr/

And (5) has a bunch of caveats. You don't always need to delete data.

Right to Erasure: https://gdpr-info.eu/art-17-gdpr/