zlacker

There is no "TLDR" of the GDPR. It has to all be read, understood and complied with. This is basic legal compliance, and is not at all easy for a small business.

>>Anabee+(OP)
Yes, and it is not that hard a read. The only problems people seem to be having are in trying to finesse the rules to avoid looking after data with due diligence. If you really want to look after data, then you just need to do that, and you will be compliant.

>>Anabee+(OP)
And if you are a small/medium business, don't comply and somehow are reported, you will receive an email from the regalutory instance of the country the person who reported you come from. They will tell you what is wrong and point you to some articles who can give you advices on how to comply. If you have difficulty to do so, you can contact them and ask specific advices, they will respond (probably a bit late) and as long as you comply with the RGPD within a month after that, you're good.

Audit can take some time and have a real impact on your business though, so i'm not saying everything is perfect. But to me, audit is the only thing you have to be really afraid of, not fines.

>>Anabee+(OP)
It's especially hard for a small sized business where all your clients are either departments of the government or leasing companies.

>>Anabee+(OP)
There is TLDR version, it is called the checklist. Here is one:

https://ico.org.uk/for-organisations/resources-and-support/d...

It captures the compliance with a checklist which is shorter than the original 88 page law.