I'm sure many Governments would love to be able to so simply identify what their citizens do online though.
> This tells nginx to assign the $allow_visit variable a 0 for any users the GeoIP database specifies as coming from the “EU” continent.
Europe is the continent. The EU does not encompass all European countries. Doesn't this needlessly block non-EU European countries?
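An added example, not part of the original thread or the quoted article: the continent/country distinction raised above, shown as nginx configuration. It assumes the stock ngx_http_geoip_module, a hypothetical database path, and a hand-maintained list of the 27 EU member states; only `$allow_visit` comes from the quoted text.

```nginx
# Added example; goes in the http {} context.
# Requires ngx_http_geoip_module. The database path is an assumption.
geoip_country /usr/share/GeoIP/GeoIP.dat;

# Weak form (as quoted above): keying on the continent code "EU" matches
# all of Europe, so visitors from CH, NO, RS, UA and other non-member
# countries are refused as well.

# Narrower form: key on the ISO 3166-1 alpha-2 country code and list the
# member states explicitly. This list is constructed by hand and has to be
# maintained whenever membership changes.
map $geoip_country_code $allow_visit {
    default 1;   # unknown or unlisted countries are allowed
    AT 0; BE 0; BG 0; HR 0; CY 0; CZ 0; DK 0; EE 0; FI 0;
    FR 0; DE 0; GR 0; HU 0; IE 0; IT 0; LV 0; LT 0; LU 0;
    MT 0; NL 0; PL 0; PT 0; RO 0; SK 0; SI 0; ES 0; SE 0;
}

server {
    listen 80;

    location / {
        # Refuse listed countries with a 403.
        if ($allow_visit = 0) {
            return 403;
        }
    }
}
```

The lookup is by source IP address, so the result is only as accurate as the GeoIP database, and addresses missing from it fall through to `default`.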
Just for fun, I would add
    server {
        # snip....
        access_log off;
        # "error_log off;" would write to a file named "off"; send errors to /dev/null instead
        error_log /dev/null crit;
        return 307 https://www.google.com/search?q=gdpr;
    }
That should block anyone that might be an EU citizen. /s
This, however, does give me an idea. Does anyone have an interest in a web framework which provides user/data management in a GDPR-compliant way?
Assuming there is any significant adoption of your proposed solution to avoid GDPR rules, the likelihood is EU citizens will use VPN or proxy services to bypass the restrictions.
I don’t think the use of a VPN would remove the GDPR obligations on the data controller or data processor.
I use third-party tools to help with logging and error tracking.
It's just not worth my time to support GDPR on a website that makes no money.
“I don’t have time to do all those structural calculations on top of all the properties I have to build”
“I don’t have time for all this silly human safety testing on top of all the drugs I have to develop”
Your statement is equivalent to the above. If you are unwilling to meet a relatively straightforward level of privacy and security for your users’ data, then personally I’m really glad that you’re going to prevent users from accessing it.
    select * from x where user = 'whoever';
Or whatever the syntax is.
Alternatively: why are your personal projects storing that data in the first place? If you’re unwilling/unable to put the time into something as trivial as making an archive I’m assuming you also aren’t putting the time into making your data storage secure. Arguably securely storing data is harder than producing an archive.
Or are you saying that gdpr sucks because it actually requires you to care about user data?
Seriously if you think gdpr is “too hard” just. Do. Not. Store. User. Data.
This is not hard. Arguably it is easier and cheaper than any option, including filtering users.
I meant, respecting the law has been a thing for many years, you know? GDPR isn't really different.
I also think the 403 error page explaining that the GDPR is the reason the visitor can't access the page is a nice touch.
€20M is the minimum value for the upper limit of an Article 83(5) or Article 83(6) administrative fine; it's not a minimum fine, and a lesser value (€10M) applies as the corresponding base upper limit for some other violations.
Basically if you’re a small business your maximum fine is likely 20 million, if you’re a large one it’s 4% of your global revenue. The global revenue is needed because companies are perfectly happy moving their money around to minimize the amount of money they make in places that will fine and tax them. They’re also super good at manufacturing reasons that profit does not actually get recorded as profit. Also it’s generally accepted that fines and settlements are an expense, so you’d get a situation where one fine would effectively discount another.
The wording says fines "up to 20,000,000 Euros"
"up to" usually implies a minimum, not a maximum.