undefined | Better HN

0 pointsStreamBright7y ago0 comments

Exactly. People try to explain to me how it is impossible to comply and usually it turns out that it would be easy. I think the problem most of time that people misunderstanding the requirements or not reading GDPR (not even TLDR versions).

0 comments

merinowool7y ago

It is easy if they believe particular person's interpretation. But that doesn't mean they are right. People have huge problems with interpreting written word if it is not written without a room for interpretation and if you add to the mix bureaucrats that have targets to meet you'll see it will not be easy at all.

willvarfar7y ago

Am in EU, am involved in some compliance stuff and have talked to plenty others at other companies, and it really does seem to be a nothing-to-see-here for all companies except the sleezy ones.

hvidgaard7y ago

In all of my research, talking to lawyers, and seminars on GDPR, it is about:

1. Ask permission for collecting data

2. Keep sensitive data safe

3. Restrict access to said data

4. Keep a log of what happens with the data

5. Delete it upon request

6. Have all of the above documented and adhere to the protocol.

It's such a none issue unless you're relying on the very thing GDPR is designed to combat. If you not collecting and selling peoples data, and you don't do the above already, see this as a good opportunity to do what you should have been doing all along. There is such an awareness now, that it's the easiest it has ever been to know how to handle sensitive data properly.

2 more replies

usrusr7y ago

Is there even a single thing forbidden under GDPR that wasn't already forbidden before in at least half a dozen member states? In that case, it makes everything easier except for ignoring requirements.

1 more reply

windowsworkstoo7y ago

The only person who’s opinion you should worry about is your internal legal counsel’s. The nerds who try to carry on like this is a technical problem with a technical solution are so far off. It’s about beig able to argue and justify your interpretation - not how much you have gold plated your tech stack

DanBC7y ago

All law has room for interpretation, that's what the courts are for.

There are no targets for bureaucrats.

dtf7y ago

What targets? Where have you heard something about targets?

merinowool7y ago

Every institutions have targets to prove their existence is of benefit to the tax payer.

1 more reply

bengale7y ago

I think the biggest complaint I've heard so far is that there is too much room for interepration at the moment, we currently lack any case law.

AnabeeKnox7y ago

There is no "TLDR" of the GDPR. It has to all be read, understood and complied with. This is basic legal compliance, and is not at all easy for a small business.

orwin7y ago

And if you are a small/medium business, don't comply and somehow are reported, you will receive an email from the regalutory instance of the country the person who reported you come from. They will tell you what is wrong and point you to some articles who can give you advices on how to comply. If you have difficulty to do so, you can contact them and ask specific advices, they will respond (probably a bit late) and as long as you comply with the RGPD within a month after that, you're good.

Audit can take some time and have a real impact on your business though, so i'm not saying everything is perfect. But to me, audit is the only thing you have to be really afraid of, not fines.

bausshf7y ago

It's especially hard for a small sized business where all your clients are either departments of the government or leasing companies.

gcthomas7y ago

Yes, and it is not that hard a read. The only problems people seem to be having are in trying to finesse the rules to avoid looking after data with due diligence. If you really want to look after data, then you just need to do that, and you will be compliant.

StreamBrightOP7y ago

There is TLDR version, it is called the checklist. Here is one:

https://ico.org.uk/for-organisations/resources-and-support/d...

It captures the compliance with a checklist which is shorter than the original 88 page law.

j / k navigate · click thread line to collapse

0 comments

merinowool7y ago

willvarfar7y ago

Am in EU, am involved in some compliance stuff and have talked to plenty others at other companies, and it really does seem to be a nothing-to-see-here for all companies except the sleezy ones.

hvidgaard7y ago

In all of my research, talking to lawyers, and seminars on GDPR, it is about:

1. Ask permission for collecting data

2. Keep sensitive data safe

3. Restrict access to said data

4. Keep a log of what happens with the data

5. Delete it upon request

6. Have all of the above documented and adhere to the protocol.

2 more replies

usrusr7y ago

1 more reply

windowsworkstoo7y ago

DanBC7y ago

All law has room for interpretation, that's what the courts are for.

There are no targets for bureaucrats.

dtf7y ago

What targets? Where have you heard something about targets?

merinowool7y ago

Every institutions have targets to prove their existence is of benefit to the tax payer.

1 more reply

bengale7y ago

I think the biggest complaint I've heard so far is that there is too much room for interepration at the moment, we currently lack any case law.

AnabeeKnox7y ago

There is no "TLDR" of the GDPR. It has to all be read, understood and complied with. This is basic legal compliance, and is not at all easy for a small business.

orwin7y ago

Audit can take some time and have a real impact on your business though, so i'm not saying everything is perfect. But to me, audit is the only thing you have to be really afraid of, not fines.

bausshf7y ago

It's especially hard for a small sized business where all your clients are either departments of the government or leasing companies.

gcthomas7y ago

StreamBrightOP7y ago

There is TLDR version, it is called the checklist. Here is one:

https://ico.org.uk/for-organisations/resources-and-support/d...

It captures the compliance with a checklist which is shorter than the original 88 page law.

j / k navigate · click thread line to collapse