Hacker News new | ask | show | jobs
by xg15 3009 days ago
To be fair, the EU introduced a two-year transition period with the express purpose that businesses should update their processes and basically identify and prepare for potential problems such as this one.

This transition period is ending this summer. Why is this discussion taking place now?
2 comments
nopriorarrests 3009 days ago
I'm involved in GDPR-compliance taskforce in our company, and I can answer this question.

GDPR is very broad and open to interpretations, which will happen only when someone got caught, i.e. during first legal battles.

So, transition period does not really help, be that 2 years or 4. We need to see how this law gonna be enforced by regulators, and which common IT practices constitute breaking the law and which are not.

link
Silhouette 3009 days ago
This transition period is ending this summer. Why is this discussion taking place now?

Because no-one thought to inform most of the businesses affected by it before, and awareness has only grown in recent weeks (and even then probably only among business people who frequent forums like HN where the subject has come up).

link
vidarh 3009 days ago
> (and even then probably only among business people who frequent forums like HN where the subject has come up).

Every business I've worked with over the last couple of years of consulting have had sessions on GDPR entirely without any technically minded people having to bring it up.

I'm sure there will be people caught by surprise, by what I've seen has been very promising.

link
Silhouette 3009 days ago
Every business I've worked with over the last couple of years of consulting

OK, but if you're going into a business and consulting, that already suggests both a certain scale and a degree of awareness within those businesses, so this isn't likely to be a representative sample.

link
vidarh 3009 days ago
I'm not consulting on the GDPR, and my clients range from 2-person companies to 2000 people with most of them being much closer to the low end than the high, so while it certainly will be a biased selection in other respects (e.g. they're companies with a certain degree of technical complexity) I don't think it says much about awareness (other than already having more tech staff) or scale.

Additionally, most companies without much technical infrastructure are less likely to be affected much in the first place.

link