I have mixed feelings about CRA, but I am satisfied with FOSS protections. I wish it could allow for more commercialization though,not just donating.
As for commercial work, it's good to have a lighter regime for small, low risk products, but it's still alot of head scratching and uncertainty on our part. Also ditto for independent HR and payroll systems, as they aren't low risk. I wonder if their VPN/VM setups they always included work towards security of the app? Again, more work figuring that out.
No. No, you haven't. GDPR was literally a non-issue for micro companies, because all micro companies had to do with GDPR is not gather data they didn't need.
Same here: all you'll need to do is to do due diligence you already should have been doing to begin with
Lots of tiny businesses on that list too. Also a bunch of local governments, weirdly.
Feels like if we’re at kebab shop levels of granularity for 88 pages of rules governing the entire planet, “a lot of work” is unavoidable, no?
I wish people would actually read the links they post.
That "poor kebab shop" was fined for this:
--- start quote ---
CCTV was unlawfully used. Sufficient information about the video surveillance was missing. In addition, the storage period of 14 days was too long and therefore against the principle of data minimization. Addendum: Fine has been reduced to EUR 1500 by court,
--- end quote ---
GDPR is there only because of the data storage. Illegal CCTV is covered by different laws that, in a twist that should surprise no one, you shouldn't break even if you are a kebab shop.
The actual first business listed there is a "betting place", and it was fined for illegal use of CCTV, too.
> Also a bunch of local governments, weirdly.
It's not weird. It's how laws are supposed to work: governments are not exempt from them.