zlacker

[return to "GDPR: Don't Panic"]
1. frereu+N2[view] [source] 2018-05-18 08:33:10
>>grabeh+(OP)
For those of you understandably intimidated by the GDPR regulations themselves, here's a good summary in plain English: https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...

In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.

◧◩
2. downan+Fc[view] [source] 2018-05-18 10:30:12
>>frereu+N2
There is nothing - and I do mean nothing - written into the GDPR that requires any warnings of any kind, or places any limits on fines, except for $10/$20 million or 4% of revenue, whichever is greater. Period. A multimillion-dollar fine without warning for a first, minor violation is perfectly lawful under GDPR. The idea that "yes it says that but we can trust EU regulators to not assess large fines against foreign companies, even though they would benefit handsomely from them" rings hollow to me.
◧◩◪
3. raverb+og[view] [source] 2018-05-18 11:23:37
>>downan+Fc
Yes and there's nothing saying I won't be arrested and thrown into a cell for the rest of my life if I say something incorrect by mistake when entering the US.

There's nothing that says IRS won't prosecute you if someone buys you a soda and you don't declare it as income.

Or that you won't be prosecuted by someone in the US if your blog has a copyrighted image and you don't receive a DMCA request that was sent to you.

See how ridiculous that sounds?

All fines can be administratively and judicially appealed.

◧◩◪◨
4. dwild+Rx[view] [source] 2018-05-18 14:09:25
>>raverb+og
> I won't be arrested and thrown into a cell for the rest of my life if I say something incorrect by mistake when entering the US

For the rest of your life? Source please?

You can be put temporarily into a cell for plenty of stuff but that's temporary. A fine is pretty permanent and when it can be millions, well that's probably the end of your business too.

> There's nothing that says IRS won't prosecute you if someone buys you a soda and you don't declare it as income.

Isn't it simply paying back what you should have + interest? (with some threshold)

Paying taxes is already part of the cost of running a business too (and that's a pretty low cost for a startup, versus having an actual trained DPO).

> Or that you won't be prosecuted by someone in the US if your blog has a copyrighted image and you don't receive a DMCA request that was sent to you.

Which is exactly why you try not to put copyrighted image over your website. Most of the times PII isn't something you can just avoid for a business.

> All fines can be administratively and judicially appealed.

Any appeal represents a cost. A cost that you can't always support until the end.

At the end, it's all about the cost of the risk... that's it. GDPR seems a pretty high cost.

◧◩◪◨⬒
5. 8note+DV[view] [source] 2018-05-18 17:06:14
>>dwild+Rx
nothing requires you to be let out of those cells. All those people in Guantanamo are going to die there.
[go to top]