Also, must be nice to live in a country where the regulator is as benevolent and reasonable as is described in this article.
I think it's ok for foreigners to be skeptical of this promise, as the article implies that this reasonableness is not encoded in law.
Such as?
> Also, must be nice to live in a country where the regulator is as benevolent and reasonable as is described in this article.
It is, thanks.
- Scope outside of Europe – e.g. if a completely foreign entity that offers a Spanish or French translation of its service could potentially be covered by GDPR, even if they're not marketing to EU markets specifically. Too bad for Quebec I guess. Or what if you fly to speak at a conference in Europe – is that "marketing" to residents of EU? Depends on your slides? Or not? Who knows.
- Consent – does X fall under "legitimate interest"? Is it essential to providing the service? These are not easy to definitively answer for any non-trivial application. And it's not like you can just err on the side of caution – you are not allowed to ask for more consent than you need IIRC. And if the regulator (one of them) disagrees with you after you've spent a few years building a business relying on a certain interpretation, tough luck I guess, try again?
- How to deal with backups that contain personal information