However, many real-life problems seemingly haven't even been considered by legislative bodies. In GDPR support forums questions like these have been routinely asked in recent months and there isn't always a clear, dependable answer:
- How will I be able to operate my small company website in the future in a legally compliant manner? Some companies even consider shutting down their websites completely and - of all things - only using a Facebook page in the future. Hence, ironically we might very will see GDPR actually benefitting companies like Facebook at the detriment of small companies that consequently won't have complete ownership of their content anymore.
- How exactly does a privacy policy have to be worded so I don't get sued on day 1?
- In which way will I still be able to store address data for contacting my existing customers?
- Will I still be able to use anti-spam and security plugins for my website? These tools might store users' IP addresses, which in some jurisdictions are considered personal data.
- Can I still load resources like Google Fonts from CDNs or do I now have to host those myself?
Maybe you shouldn't operate your company if you can't comply, then. The entire point of the GDPR is elevating privacy as a priority. If that means companies that can't or won't compy can't operate, so be it. People always claim to be pro-privacy, and that means putting privacy above commerce, in the same way that a restaurant that can't or won't meet safety and sanitation regulations shouldn't operate.
The point of GDPR indeed is elevating privacy as a priority. Good intent however doesn't automatically entail that the implementation has been equally good.
The EU Justice Commissioner only recently has been quoted that she herself could implement the rules required by GDPR. At the same time the European Commission's very own website isn't even remotely GDPR-compliant. That's just arrogant and condescending.