Hacker News
by GordonS 3017 days ago
I'm afraid I completely disagree, especially with "borderline draconian".

When I first heard about it, I was somewhat fearful of the unknown, imagining I was going to have to 'waste' time on 'checkbox compliance' - but after spending some time reading about it, I believe the intent is good, and also that the burden isn't going to be that big.

As a consumer, I absolutely want the GDPR - I believe I do have a right to know how my information will be used, to know exactly what is held, and to have it deleted if desired.

As a founder, I want to be responsible with personal data. And because I am, I'm already compliant with just about everything needed by the GDPR. I hardly expect a deluge of requests from users, so I don't even need to spend any time on automation.

1 comments

It's not the intent that I have a problem with.

Moreover, as a founder, I couldn't agree more with being responsible about working with personal data. We have always been careful about the data we collect and how we store and process it. But from what we have learned ourselves so far, we seem to have significant additional obligations under the GDPR (for example, being able to produce substantial amounts of formal documentation to the ICO on demand) that we would not currently be able to meet, and we might have other obligations that could be awkward (often related to the various subject requests now possible) but the implications aren't fully clear.

We also don't expect a huge deluge of requests from users. In fact, we've never had any under existing data protection rules. However, given that several people have posted to HN recently saying that they'll be happy to send in large numbers of such requests when the GDPR comes into effect just to make a point, and unlike the current data protection rules in the UK there appears to be no provision for a token fee to deter such vexatious requests, we have to consider the possibility and at least have some intelligent way to respond, even if that just means knowing what our actual obligations would be if anyone did make such a request without doing any other work in advance.