zlacker

[return to "GDPR: Don't Panic"]
1. frereu+N2[view] [source] 2018-05-18 08:33:10
>>grabeh+(OP)
For those of you understandably intimidated by the GDPR regulations themselves, here's a good summary in plain English: https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...

In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.

2. downan+Fc[view] [source] 2018-05-18 10:30:12
>>frereu+N2
There is nothing - and I do mean nothing - written into the GDPR that requires any warnings of any kind, or places any limits on fines, except for $10/$20 million or 4% of revenue, whichever is greater. Period. A multimillion-dollar fine without warning for a first, minor violation is perfectly lawful under GDPR. The idea that "yes it says that but we can trust EU regulators to not assess large fines against foreign companies, even though they would benefit handsomely from them" rings hollow to me.
3. Certha+9h[view] [source] 2018-05-18 11:32:09
>>downan+Fc
That is absurd and wrong. The law says the fine needs to be proportionate:

GDPR 83.1: Each supervisory authority shall ensure that the imposition of administrative fines pursuant to this Article in respect of infringements of this Regulation referred to in paragraphs 4, 5 and 6 shall in each individual case be effective, proportionate and dissuasive.

4. downan+yh[view] [source] 2018-05-18 11:36:40
>>Certha+9h
Proportionate is in the eye of the beholder. As I stated in another response, an example might be that a low-level offense receives a fine of only 10% of the maximum - just $2 million. And apparently I don't need to worry, because I can just spend six figures hiring an attorney in a country I've never been to, who possibly speaks a language I don't, who will fight the case for me if the fine is out of line.

Sounds very workable.

5. Certha+Qk[view] [source] 2018-05-18 12:16:54
>>downan+yh
The mandate of the regulator is to create compliance. Of course any institution can randomly decide to act outside of their mandate. If they were to start doing so, the courts would rein them in. Same as anything. Doing business in the US, with its notion of punitive damages that are completely unconstrained by law, is a much larger risk.

On that token, have you actually at all looked into how "proportionate" is interpreted legally? After all, this isn't new, and there are a vast number of regulations using the same legal language. Yet somehow business in Europe has not stopped. So prima facie your concerns are absurd; you have not brought evidence that there is an issue (or anything at all unprecedented, really), and I have to wonder what motivates you.

As others have said, if you have no interest in complying with laws that protect my privacy, then it's appropriate for you to not do business here.
