|
|
|
|
|
|
by cbg0
2959 days ago
|
|
|
> For instance, I run a small community website (~30 people). I receive no income, and I know everyone involved You may be able to ignore GDPR compliance in your situation, as per article 2: > This Regulation does not apply to the processing of personal data: [...] by a natural person in the course of a purely personal or household activity; [...] There is some more information in recital 18, that says > This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. So if you're not making money, and you're not established as a business you should be okay. If you have any doubts or concerns, become compliant or ban all EU/EEA users. |
|
|
For instance:
> by a natural person in the course of a purely personal or household activity
First off, this isn't purely personal nor household activity. I serve others, not myself.
> and thus with no connection to a professional or commercial activity.
If the goal of the community is to help people develop professional skills (writing, for instance), couldn't that have a connection to professional activity? Also, I use this website as an example on my resume to bolster my own professional competence as a coder. That could qualify.
As always, laws are words that generally end up with the best paid lawyer's interpretations winning in court. It's a roll of the dice, that statute is not clear at all.
We're still debating the meaning of nearly all statutes in the US constitution 242 years later. Some in the legal community have declared "consensus" by case law, but even those end up getting changed and overturned all the time.