[return to "GDPR: Don't Panic"]
1. frereu+N2 2018-05-18 08:33:10
>>grabeh+(OP)
For those of you understandably intimidated by the GDPR regulations themselves, here's a good summary in plain English: https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...

In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.

◧◩
2. downan+Fc 2018-05-18 10:30:12
>>frereu+N2
There is nothing - and I do mean nothing - written into the GDPR that requires any warnings of any kind, or places any limits on fines, except for $10/$20 million or 4% of revenue, whichever is greater. Period. A multimillion-dollar fine without warning for a first, minor violation is perfectly lawful under GDPR. The idea that "yes it says that but we can trust EU regulators to not assess large fines against foreign companies, even though they would benefit handsomely from them" rings hollow to me.
◧◩◪
3. omgint+kd 2018-05-18 10:39:26
>>downan+Fc
>we can trust EU regulators

I want to stress that this is a major point of political polarization in Europe at the moment. Even if this claim is true, it warrants a clear and articulated defense.

◧◩◪◨
4. frocki+Du 2018-05-18 13:47:34
>>omgint+kd
Agreed, for some reason people tend to forget that Austria, Italy, and the UK among others have explicitly said the opposite of this.
◧◩◪◨⬒
5. guitar+PL 2018-05-18 15:54:55
>>frocki+Du
I mean some of those are bad examples, like the UK's government isn't great w.r.t. privacy (Investigatory Powers Act). Shocker that they might disagree with EU regulators.

But fair enough, nobody should be trusted blindly. This is why we have appeals and legal avenues to create checks and balances. So in the context of this discussion, it's pointless. We don't have to trust them. If a fine looks disproportional, there are legal remedies. Up to the ECHR which is generally quite careful in its decisions.

If you don't trust the EU's legal system, that's a different problem. One that rings a bit hollow, and doesn't really further the GDPR discussion.
