If your business model is based on something that will violate the GDPR, like streetlend selling user data to advertisers, then should you really be opening that business in the first place?
The parent comment point has been missed or understood but not used. The point is that small companies which are valid must jump through significant hurdles to satisfy gdpr. Contracting an expensive DPO (are they going to be doing you a service in pricing or making out well) to set this up may be more than some small businesses can handle.
If your business model is based on something that will violate the GDPR,
That is COMPLETELY IRRELEVANT to what people are saying. If someone complains about me, am I obliged to defend myself? If I don't, am I subject to ruinous penalties? If I do and am victorious is the complainer required to compensate me for all of my costs?
I'm afraid I disagree entirely. If your business is aggregating data in order to sell more effective advertising then you are walking a line and need a lawyer. If your business is selling widgets and you collect personal details in order to complete orders then you are just going to have to write some documentation.
I can tell you as someone who is working in an old school retailer/wholesaler we are not, and neither is anyone we are talking to through various trade bodies, employing lawyers to do GDPR.
Other way around. This business was opened half a decade ago, with users being perfectly fine with it (or it wouldn't have stuck around). The GDPR on the other hand has flown under the radar and only suddenly became a thing that service providers (generic "service", not "internet service providers") were made aware of in legal context. So if we're raising eyebrows, it's at the EU and the GDPR. Not at sites that have operated to user's satisfaction for five+ years.
What about small companies that don’t sell data as a business model?
GDPR punishes the vast majority of businesses that do not have business models reliant on selling user data in favor of trying to catch the ones that do.
Unfortunately, I fear this regulation will do absolutely nothing to stop the bad actors from selling data as they do now.
sb8244|7 years ago
outsideoflife|7 years ago
fencepost|7 years ago
That is COMPLETELY IRRELEVANT to what people are saying. If someone complains about me, am I obliged to defend myself? If I don't, am I subject to ruinous penalties? If I do and am victorious is the complainer required to compensate me for all of my costs?
omginternets|7 years ago
Again, part of the problem is that it's not clear what does and doesn't constitute a violation.
outsideoflife|7 years ago
I can tell you as someone who is working in an old school retailer/wholesaler we are not, and neither is anyone we are talking to through various trade bodies, employing lawyers to do GDPR.
TheRealPomax|7 years ago
lexs|7 years ago
tchock23|7 years ago
GDPR punishes the vast majority of businesses that do not have business models reliant on selling user data in favor of trying to catch the ones that do.
Unfortunately, I fear this regulation will do absolutely nothing to stop the bad actors from selling data as they do now.