undefined | Better HN

0 pointsrobin_reala3y ago0 comments

I’m not sure what you mean with your second point. A legal need to collect and process personal data is a valid GDPR basis. You don’t need to get consent there.

0 comments

Kalium3y ago

You don't, but obligations under GDPR include taking "reasonable measures" to protect the private information you're obligated to collect. The point I was making is that this underscores is how difficult it is to define "reasonable measures" because not collecting private information is not always an option.

GDPR is not just about being obligated to ask for consent. Its requirements go a great deal further. Probably. Maybe. Depending on what someone unknown with an unknown background considers reasonable based on unknown factors.

I'm sure that will be easy to write requirements around. Right?

j / k navigate · click thread line to collapse

0 pointsrobin_reala3y ago0 comments

I’m not sure what you mean with your second point. A legal need to collect and process personal data is a valid GDPR basis. You don’t need to get consent there.

0 comments

Kalium3y ago

I'm sure that will be easy to write requirements around. Right?

j / k navigate · click thread line to collapse