zlacker

[return to "GDPR: Don't Panic"]
1. frereu+N2[view] [source] 2018-05-18 08:33:10
>>grabeh+(OP)
For those of you understandably intimidated by the GDPR regulations themselves, here's a good summary in plain English: https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...

In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.

◧◩
2. danthe+z4[view] [source] 2018-05-18 08:54:26
>>frereu+N2
The amount of discretion and lack of clarity in the penalties is part of the problem. It opens you up to risk based on the whims of politics and the regulators and increases uncertainty. Laws should be clear, limited, and understandable - this is not.
◧◩◪
3. frereu+b5[view] [source] 2018-05-18 09:00:39
>>danthe+z4
In an ideal world, yes. But that leads you down a Kafkaesque hole of bureaucracy - at some point you have to stop adding detail and leave things open to interpretation. There are plenty of laws out there with fines "up to €X" and, from my limited experience, I don't think the GDPR is especially ambiguous compared to others.
◧◩◪◨
4. kingof+G5[view] [source] 2018-05-18 09:08:04
>>frereu+b5
Well, lots of ends open to interpretation, and $20 mln fine - so obviously nothing to care about! Hysteria!
◧◩◪◨⬒
5. DanBC+t6[view] [source] 2018-05-18 09:16:48
>>kingof+G5
Maximum possible fine for repeated worst possible violation after ignoring previous attempts at regulation and not making changes after previous smaller fines.

It's not a minimum.

◧◩◪◨⬒⬓
6. frereu+r7[view] [source] 2018-05-18 09:27:54
>>DanBC+t6
I think this is a common misinterpretation though because of the language - that the maximum fine is actually the minimum, because the figures that are talked about are "€20m or 4% of global turnover, whichever is the greatest." It's the emphasis on "the greatest" that has an undercurrent of "we're going to fine you the maximum of these two numbers."
◧◩◪◨⬒⬓⬔
7. Stavro+hb[view] [source] 2018-05-18 10:11:02
>>frereu+r7
I'm not sure what you mean by "actually the minimum". They will fine you the maximum of those two numbers, at most, if you flagrantly disregard the law.
◧◩◪◨⬒⬓⬔⧯
8. frereu+Rd[view] [source] 2018-05-18 10:43:49
>>Stavro+hb
Yeah, this is the confusion - it's difficult to write it out in a way that isn't ambiguous! I think the fact that there are two numbers, the higher of which is the maximum fine, may imply to some people that the lower figure is the minimum - i.e. if 4% of your global turnover is €100m then €20m is the minimum - but of course there in fact isn't a minimum. It might have helped comprehension if there had been an arbitrary minimum figure - say €100 - to anchor the discussions.
◧◩◪◨⬒⬓⬔⧯▣
9. Stavro+re[view] [source] 2018-05-18 10:51:46
>>frereu+Rd
Ah, I see what you mean now. That's not how I understood it, but some people might.