zlacker

[return to "GDPR: Don't Panic"]
1. frereu+N2[view] [source] 2018-05-18 08:33:10
>>grabeh+(OP)
For those of you understandably intimidated by the GDPR regulations themselves, here's a good summary in plain English: https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...

In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.

◧◩
2. downan+Fc[view] [source] 2018-05-18 10:30:12
>>frereu+N2
There is nothing - and I do mean nothing - written into the GDPR that requires any warnings of any kind, or places any limits on fines, except for $10/$20 million or 4% of revenue, whichever is greater. Period. A multimillion-dollar fine without warning for a first, minor violation is perfectly lawful under GDPR. The idea that "yes it says that but we can trust EU regulators to not assess large fines against foreign companies, even though they would benefit handsomely from them" rings hollow to me.
◧◩◪
3. meredy+3h[view] [source] 2018-05-18 11:31:21
>>downan+Fc
I think you and everyone making similar points in this thread are getting tripped up by the difference between rules-based regulation and principles-based regulation. This is unsurprising, given that the US is so heavily rules-based, but the EU (certainly the UK) has a long history of principles-based regulation.

In rules-based regulation, all the rules are spelled out in advance, and the regulator is basically an automaton once the rules are set. In principles-based regulation, the rules are extensive rather than complete and you expect the regulator to have some lattitude (and, if the system is well designed, a mechanism of recourse if they do something stupid).

An advocate of rules-based regulation would say this can make regulators unpredictable and capricious. An advocate of principles-based regulation would say it is an important safeguard against "rules-lawyering" and regulatory capture (especially the kind that ties new entrants up in check-box compliance that doesn't actually affect your business because all the rules have been worked around).

A classic example would be the time PayPal tried to tell the UK regulators they shouldn't be regulated like a financial institution (which is a claim they successfully made in the US). They pointed to chapter and verse of the relevant law, and said that according to subparagraph 2.b.c(iii)... and the relevant regulator essentially told them "shut up, you keep consumers' money for them and will be treated accordingly". As a result, the worst "PayPal took all my money and I can't get it back" stories generally do not come from the UK. (And when they do, they are accompanied by referrals to the Financial Conduct Authority, who have teeth.)

You can approve of this way of working or not, but the GDPR is a principles-based regulation, and you'll have to engage with it on those terms.

◧◩◪◨
4. matwoo+xl[view] [source] 2018-05-18 12:25:42
>>meredy+3h
> This is unsurprising, given that the US is so heavily rules-based, but the EU (certainly the UK) has a long history of principles-based regulation.

This is a good point, but many people seem to forget that most misdemeanor criminal offenses in the US are punishable by fine and/or up to 30+ days in jail. People do not often get the jail time so most don't even think about it, but it is available as an option to the judge for things like repeat offenders.

◧◩◪◨⬒
5. Clubbe+Dq[view] [source] 2018-05-18 13:11:31
>>matwoo+xl
Unfortunately in the US, any conviction leads to essentially a work "blacklist," whereby employers do background checks and deny employment for anything they find within 7 years.
◧◩◪◨⬒⬓
6. frocki+Tt[view] [source] 2018-05-18 13:40:43
>>Clubbe+Dq
Not for non-violent misdemeanors. Unless you're a flagrant offender you will normally be slapped don the wrist and given a stern lecture in the form of a class. Source: was in a fraternity in the US where literally nothing bad happened to anyone I knew with a misdemeanor outside of a fine and class
◧◩◪◨⬒⬓⬔
7. Clubbe+Gw[view] [source] 2018-05-18 14:01:31
>>frocki+Tt
A lot of companies won't hire you if you have a criminal record of any kind. Some won't even hire you if you have any record of arrest, regardless of conviction.

Which fraternity?

◧◩◪◨⬒⬓⬔⧯
8. frocki+uy[view] [source] 2018-05-18 14:14:40
>>Clubbe+Gw
If the court seals the record its nearly impossible for anyone but government agencies to discover
◧◩◪◨⬒⬓⬔⧯▣
9. dragon+TP[view] [source] 2018-05-18 16:26:14
>>frocki+uy
> If the court seals the record its nearly impossible for anyone but government agencies to discover

No, it is not, because background check and other third-party intelligence firms aren't purely reactive now, they have and use tools to proactively vacuum up public records and maintain their own DBs. After-the-fact sealing of arrest records or expunging of convictions has no effect on data that is already in third-party hands.

[go to top]