undefined | Better HN

0 pointsthomaskcr7y ago0 comments

I mean part of the issue is that I literally cannot answer the question "are we GDPR compliant?". The amount of time we've spent figuring out whether we need to sanitize apache logs has been ridiculous.

If you search for GDPR IP address you'll get 100 different opinions on what you need to do. That in my opinion is what makes this law ridiculous. How can companies be expected to comply with something this unclear? I'm sure I would have had your opinion before I was the person who is ultimately responsible if my answer to GDPR compliance is wrong.

Everyone having issues with this is somewhere in the line of fire for a wrong answer to any of these questions. Our concern over the fuzziness of this law is very valid, I don't like uncertainty personally.

0 comments

Tomte7y ago

Regulators want to see that you thought about the issue and formulated a plan.

If they ultimately disagree with your judgments, they will tell you, and you'll have plenty of time to get a common understanding.

They will certainly not fine you just because you made a honest mistake.

They will maybe fine you if all you have to show is "I didn't want to find a plausible way myself, nobody spoon-fed me, it's not my fault".

icedchai7y ago

When all else fails, just make something up. In the unlikely event anyone asks, just tell them you have no logs with their IP address. What are they going to do, check themselves?

j / k navigate · click thread line to collapse