zlacker

>>grabeh+(OP)
For those of you understandably intimidated by the GDPR regulations themselves, here's a good summary in plain English: https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...

In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.

>>frereu+N2
There is nothing - and I do mean nothing - written into the GDPR that requires any warnings of any kind, or places any limits on fines, except for $10/$20 million or 4% of revenue, whichever is greater. Period. A multimillion-dollar fine without warning for a first, minor violation is perfectly lawful under GDPR. The idea that "yes it says that but we can trust EU regulators to not assess large fines against foreign companies, even though they would benefit handsomely from them" rings hollow to me.

>>downan+Fc
Yes and there's nothing saying I won't be arrested and thrown into a cell for the rest of my life if I say something incorrect by mistake when entering the US.

There's nothing that says IRS won't prosecute you if someone buys you a soda and you don't declare it as income.

Or that you won't be prosecuted by someone in the US if your blog has a copyrighted image and you don't receive a DMCA request that was sent to you.

See how ridiculous that sounds?

All fines can be administratively and judicially appealed.

>>raverb+og
> I won't be arrested and thrown into a cell for the rest of my life if I say something incorrect by mistake when entering the US

For the rest of your life? Source please?

You can be put temporarily into a cell for plenty of stuff but that's temporary. A fine is pretty permanent and when it can be millions, well that's probably the end of your business too.

> There's nothing that says IRS won't prosecute you if someone buys you a soda and you don't declare it as income.

Isn't it simply paying back what you should have + interest? (with some threshold)

Paying taxes is already part of the cost of running a business too (and that's a pretty low cost for a startup, versus having an actual trained DPO).

> Or that you won't be prosecuted by someone in the US if your blog has a copyrighted image and you don't receive a DMCA request that was sent to you.

Which is exactly why you try not to put copyrighted image over your website. Most of the times PII isn't something you can just avoid for a business.

> All fines can be administratively and judicially appealed.

Any appeal represents a cost. A cost that you can't always support until the end.

At the end, it's all about the cost of the risk... that's it. GDPR seems a pretty high cost.

>>dwild+Rx
The IRS is probably the best US example of "proportionate punishments" and why people should not be overly afraid of GDPR.

The tax laws are vastly more complex than GDPR. The maximum penalties for tax fraud seem to be $250,000 + cost of prosecution + 5 years in jail.

If you make a small mistake on your taxes, and the IRS notices, you will probably receive a warning and have to repay it with interest. If you make a negligent mistake, you may be in addition be fined a small percentage, like 10-20%, of the amount you failed to declare. You have to conduct very large scale and intentional tax evasion for the maximum penalties to apply.

The IRS could argue for and try to apply the maximum penalties for a lemonade stand, but they don't. And people go on with their lives, put in their best effort to comply, and can be confident that they will be treated fairly.