top | item 37509477


GlickWick | 2 years ago

Because an inversion of responsibility happens at some turning point of organization size.

A small company that wants to survive has to spend a lot of effort and engineering hours becoming compliant with the legislation. If they fail to do so, the following legal battle and potential fines have a high probability of bankrupting them. They must be proactive to avoid this.

Large corporations instead get to be reactive. They comply where it’s convenient and otherwise operate on an “ask forgiveness later” mindset. Legal battles and billion-dollar fines barely register and, instead of becoming destructive events, just become minor taxes on doing business.

As much as I appreciate the spirit of the legislation, the implementation has actually empowered large companies and is squeezing out small business.


dylan604|2 years ago

I disagree. You know when you're doing shady things with your software. Just don't do it.

GlickWick|2 years ago

You disagree with what exactly?

In the case of being a small business, it’s not even about being shady. Imagine you were building a simple step tracking database for a pedometer app. All it does is store a user id and some daily steps. You have zero intent to market or share it in any way, no ad personalization, no third parties, etc. Before GDPR you’d just spin this up and be fine. Now you need to deal with data consent policies, data deletion tools, potential exfiltration policies if your DB isn’t in the EU, etc. Enjoy the engineering and legal costs there.

Mega corp can just ignore most of this and pay later. It’s a massive difference.