madeofpalk|7 years ago
> GDPR threatens website owners with fines of 4% of turnover or €20 million (whichever is higher) if they do not jump through a number of ambiguously-defined hoops.
...No. GDPR certainly doesn't. The often quoted "4% of revenue" fines are the upper bound of fines for the serious intentional and continuous violations.[1] Spreading information like this is almost certainly the textbook definition of FUD.
GDPR is, largely, 'common sense' regulation. At the gist of it is "be responsible with users' data". If you want to store personally identifiable information, that comes with a set of responsibilities that you have to keep on top of. Delete data when users ask for it. Inform users about what you do with their data. I really think that's the minimum you could ask for.
Edited fines to align closer to the language used in the actual regulation
[1]: https://en.wikipedia.org/wiki/General_Data_Protection_Regula...
cbeach|7 years ago
Are you making a legally binding guarantee there?
api_or_ipa|7 years ago
cbeach|7 years ago
No shenanigans intended.
Thanks for linking to the prior discussion.