zlacker

[return to "GDPR: Don't Panic"]
1. frereu+N2[view] [source] 2018-05-18 08:33:10
>>grabeh+(OP)
For those of you understandably intimidated by the GDPR regulations themselves, here's a good summary in plain English: https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...

In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.

◧◩
2. danthe+z4[view] [source] 2018-05-18 08:54:26
>>frereu+N2
The amount of discretion and lack of clarity in the penalties is part of the problem. It opens you up to risk based on the whims of politics and the regulators and increases uncertainty. Laws should be clear, limited, and understandable - this is not.
◧◩◪
3. ThePhy+7c[view] [source] 2018-05-18 10:23:01
>>danthe+z4
I really don't know why people think that the authorities will (or even could) automatically punish each minor infraction with 4 % of global revenue or 20 million €. GPDR article 87 specifies in great detail when fines should be imposed and how their value should be calculated, and the Article 29 WP also has a guideline on that:

https://ec.europa.eu/newsroom/just/document.cfm?doc_id=47889

It is therefore simply not possible for a data protection authority to impose arbitrary or ridiculously high fines as they would never hold up in court.

◧◩◪◨
4. pjc50+jc[view] [source] 2018-05-18 10:25:53
>>ThePhy+7c
I'm starting to wonder if there's an active disinformation campaign about this somewhere. Are people getting their fears from Facebook again?

Edit: If there is such a thing I bet it's Cambridge Analytica/"SCL group" involved, since they made their money from large scale nonconsensual abuse of political personal data, and have an arm dedicated to swinging elections with misleading Facebook adverts.

◧◩◪◨⬒
5. thomas+GH[view] [source] 2018-05-18 15:24:30
>>pjc50+jc
I mean part of the issue is that I literally cannot answer the question "are we GDPR compliant?". The amount of time we've spent figuring out whether we need to sanitize apache logs has been ridiculous.

If you search for GDPR IP address you'll get 100 different opinions on what you need to do. That in my opinion is what makes this law ridiculous. How can companies be expected to comply with something this unclear? I'm sure I would have had your opinion before I was the person who is ultimately responsible if my answer to GDPR compliance is wrong.

Everyone having issues with this is somewhere in the line of fire for a wrong answer to any of these questions. Our concern over the fuzziness of this law is very valid, I don't like uncertainty personally.

◧◩◪◨⬒⬓
6. Tomte+As1[view] [source] 2018-05-18 21:29:27
>>thomas+GH
Regulators want to see that you thought about the issue and formulated a plan.

If they ultimately disagree with your judgments, they will tell you, and you'll have plenty of time to get a common understanding.

They will certainly not fine you just because you made a honest mistake.

They will maybe fine you if all you have to show is "I didn't want to find a plausible way myself, nobody spoon-fed me, it's not my fault".

[go to top]