The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...
In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.
I randomly checked Article 14, as I am wondering how I am expected to communicate to users that I don't collect any PII [0], and it turns out Article 14 is not about
"You need to tell people what you’re doing even if you’re not collecting personal data."
but about
"Information to be provided where personal data have not been obtained from the data subject" = "You have collected personal data about the data subject, just not directly from them, but via some other source"
[0]: Even though I'm not sure if that's even easily possible for any company that has a website, now that IPs can fall under PII.