zlacker

[return to "GDPR: Don't Panic"]
1. frereu+N2[view] [source] 2018-05-18 08:33:10
>>grabeh+(OP)
For those of you understandably intimidated by the GDPR regulations themselves, here's a good summary in plain English: https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...

In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.

◧◩
2. downan+Fc[view] [source] 2018-05-18 10:30:12
>>frereu+N2
There is nothing - and I do mean nothing - written into the GDPR that requires any warnings of any kind, or places any limits on fines, except for $10/$20 million or 4% of revenue, whichever is greater. Period. A multimillion-dollar fine without warning for a first, minor violation is perfectly lawful under GDPR. The idea that "yes it says that but we can trust EU regulators to not assess large fines against foreign companies, even though they would benefit handsomely from them" rings hollow to me.
◧◩◪
3. p49k+Wh[view] [source] 2018-05-18 11:40:55
>>downan+Fc
> A multimillion-dollar fine without warning for a first, minor violation is perfectly lawful under GDPR

Come on, this is just scaremongering. Newsflash: If you run a business, you are already responsible for adhering to hundreds of other laws in which the fines could reach millions. But you don't see people running around screaming that the world is ending, because they know that the laws will generally be applied fairly, given that a large economy (like that of the EU) relies on just application of laws to maintain stability.

Running a business, like anything else in life, requires the ability to make reasoned choices from somewhat ambiguous data. And the data here is somewhat ambiguous for good reason - it's to prevent businesses from exploiting loopholes and rendering the law ineffective. If you are going to crank the anxiety to 10 every time a situation like this occurs, you probably shouldn't be running a business or handling others' data in the first place.

◧◩◪◨
4. alerig+HW[view] [source] 2018-05-18 17:13:39
>>p49k+Wh
Which other violation could cost me a 20 million dollar fine ?

Sure, they will probably don't give that fines, but they could, what if I run a small business that interferes with the activity of some other business run by for example someone that is friend or can corrupt the people in charge of doing the fines ? They will fine me for 20 million dollars, sure I can appeal, a normal trial in my country lasts at least 5 years, in this time I will probably go out of business...

The fact that they could it's a big problem, they should have specified a proportion between the size of your company and the maximum allowed fine.

◧◩◪◨⬒
5. slrz+yG1[view] [source] 2018-05-19 00:33:40
>>alerig+HW
> Which other violation could cost me a 20 million dollar fine ?

Tax code violations, for sure. Environmental regulations may also carry huge maximal fines. Some misdeeds can even lead to criminal prosecution and land you in jail (but generally, they won't, except for the worst of transgressions).

Note that the GDPR requires fines to be proportional to the offence. If you really worry about some regulator fining you for 20M euros just because they're having a bad day, you do have legal recourse available.

[go to top]