by annabellish
2991 days ago
I kind of feel like every question in the first link is entirely reasonable and people _should_ be able to get those answers, though. Nothing in there is onerous if you're following good practices anyway. I really feel like the answers to all of those questions are going to be basically identical between people, and all you really need to do is be able to export whatever data you have on somebody quickly in order to be able to respond to that email in under quarter of an hour. I guess it could make a decent DoS tactic against a small company, but lots of other things would too.

Let's take an app like Instagram as an example. Instagram had over 1 million users within two months and 10 million within a year, and no profits. You're running on a shoestring trying to keep servers online without any serious budget to speak of. It's probably you and a few friends/associates working closely together.
All of a sudden with GDPR, you have to pay a lawyer to help you understand what you need to do to comply with the regulations. You also have to spend engineering time developing solutions to enable the queries in that letter, enable purging records from long-term backups, etc. And people have to spend the 15 minutes responding to each request.
Now, let's say each request does only take 15 minutes like you suggest (which I find highly unlikely). If a small fraction like 0.5% of your customer base sends such a letter, then that's 50,000 letters. At 15 minutes each, that's 12,500 hours which is over 6 full-time employees. Many small businesses don't even have 6 employees to conduct the entirety of their business right now!