Hacker News
by downandout 2977 days ago
People that say this have not actually read the law, talked to “experts” about how to comply, or attempted to comply themselves. I have, and you’re just flat wrong.
1 comments

I have read the law, read the guidance, been through the GDPR compliance process for a data-heavy product, have talked to lawyers about the same, and my partner has drafted GDPR policies for several large tech firms. I don’t know everything, but I’m reasonably well-informed.

I’m confident that compliance is:

- Straightforward for any non-tech firm;

- More complex but not that hard for most tech firms that handle data;

- Far more complex for large organisations than small ones;

- Basically only a real problem for fly-by-night tech companies that want to operate by reselling personal data.

I’m not sure what your motivations are in making it seem disproportionately burdensome to comply with, but I don’t think they’re good.

I won’t continue arguing with you, other than to say that what you’re saying flies in the face of everything we have been told after spending thousands of dollars on experts and independently researching the issue for hundreds of hours. If you do a simple Google search, you’ll find that we are not alone in this view, and in fact you may find yourself alone in your view that compliance is easy and costs next to nothing. Chances are quite good that if you thought it was “easy,” you’re not fully in compliance.