The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...
In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.
Come on, this is just scaremongering. Newsflash: If you run a business, you are already responsible for adhering to hundreds of other laws in which the fines could reach millions. But you don't see people running around screaming that the world is ending, because they know that the laws will generally be applied fairly, given that a large economy (like that of the EU) relies on just application of laws to maintain stability.
Running a business, like anything else in life, requires the ability to make reasoned choices from somewhat ambiguous data. And the data here is somewhat ambiguous for good reason - it's to prevent businesses from exploiting loopholes and rendering the law ineffective. If you are going to crank the anxiety to 10 every time a situation like this occurs, you probably shouldn't be running a business or handling others' data in the first place.
Source please?
> If you are going to crank the anxiety to 10 every time a situation like this occurs, you probably shouldn't be running a business or handling others' data in the first place.
I'm not running one right now. It's not the situation that give me anxiety, it's just that it no longer seems interesting to support European customer for a potential business if that imply that I risk that much over their information. They just removed a big bunch of potential customer for a potential company. I would already try my best to limit the amount of PII but there's many time you just can't.
I'm from Quebec. Here we have laws over lottery. You know what it imply? If you make a lottery here in Quebec, you need to follow some simple regulations (I personally know people that did it essentially for fun (not for profit)) so they are pretty easy to follow, and pay the taxes for the winner. You know what I had to endure each time I went on an online contest, a broad exclusion because it was just not worth it to follow theses regulations. It's crazy the number of contest where you could literally do CTRL+F "Quebec" in the rule and find our little province (nowadays I see more of "where law forbid it" or stuff like that, but I haven't try to participate for a long time on a contest either).
Do theses companies had too much anxiety for our regulation? None at all, they were some multi billions companies that did this. It was just not worth it.