by rdlecler1 2978 days ago
Most startups simply don’t have the resources to figure out what to do to be compliant. I’m guessing that Facebook had a dozen lawyers working on this and even more engineers. This is only going to put up a barrier to startup creation and give large corporations more power.
4 comments

I won’t shed a tear.

“My company is small and so can’t afford to manage our customers’ data properly” doesn’t hold water with me.

If this causes a cull of part of the current crop of companies and has them replaced with companies that are able to meet requirements, then so be it.

Bullshit. For most startups, the recipe will look something like:

Write a set of scripts to pull user-related lines out of your database(s), write another script to sanitize the output, write another script to delete the lines from script #1 and act as the big red delete button.

This is giving large corporations more power? Seriously?

Context: I'm currently responsible for GDPR compliance within a small corner of a Very Large Company.

I'm going to avoid making a statement about GDPR as a whole or about the OP, but I will say that I don't think large companies having an advantage at this phase is "bullshit."

One specific aspect of GDPR seems a good example of this. Third party data processors. If you use various third party products that provide tracking, testing, or other shims, you're responsible for ensuring export and delete of any PII associated data that flowed to those channels as well. Now, you can say the response is "if your partner doesn't have responsive channels, you have to pull the data" to make oneself compliant, but BigCos have the implicit advantage of being able to push the other direction, and get systems/functionality built into the third party product to allow them to be supported easier.

The amount of face to face time, support, and "deep touch" I can get with third party companies when compared to prior smaller corps is very apparent to me, and I'd be lying if I said it didn't make my task of ensuring GDPR compliance easier. Whether that translates to "more power", I don't know. But it's certainly an enabler.

except BigCo also has tons of systems, autobackups, legacy code, and S3 buckets that no one understands or has enough knowledge about. you know it's secure but you don't know what the downstream impact would be of making changes to those systems. so now you have to divert a ton of resources to figure things out - and no SWE in the company will willingly move to _that_ project.

while small companies don't have the big legal teams, they can just hire a consulting firm to go over it with them. they also have the benefit of being nimble, having smaller dependency trees, and typically using 3rd party tools which will generally implement this tooling anyways since their customers will likely need it. BigCo likely did a bunch of roll-your-own projects that have become black boxes over time.

Just hire a consulting team? Yes, that’s the first thing you should do as you start a company in your basement with $0.

If I can manage it for kid’s swimming club, I think most small startups can manage it unless user data is a big part of its value proposition
>> unless user data is a big part of its value proposition

I think this is the real issue. Some large percentage of the current crop of startups don't actually have a business model other than "get as much data as possible and sell it to the lowest bidder".

GDPR is adding a substantial implementation tax to that model and what we're seeing is the reset for companies who can't survive.

No, any startup that uses data to make an adaptive service and better user experience is also at risk. Want to record what people bought so that you can show them similar items next time or recommend new articles they might like? Here comes the dumb web.

That was my thought what Zuckerberg was after in the hearings in front of the senate.

"Oh we are bad and abuse our power"

Oh you want more regulations? Whoopsi.

Only huge corps can finance that? Oh well.