[wdr1]

> I would be very wary of a company who claims this legislation is onerous.

... and elsewhere ...

> On the other hand it also was not very hard for us. We are not a creepy company.

> This is not to say that preparing for GDPR didn’t take us 100s of hours. It did.

A company who it didn't affect much, spent 100s of our hours? I think it would reasonable to call that onerous.

The different & fair question would be if time was justified.

[y0ghur7_xxx]

> A company who it didn't affect much, spent 100s of our hours? I think it would reasonable to call that onerous.

100 hours is 12.5 days. That is not much to protect your users data.

[tatersolid]

That’s the issue with GDPR, it’s that the regulatory burden for Facebook is the same as it is for a small company.

At $dayjob we are at hundreds of thousands of dollars in staff time and legal fees (mostly updating and reviewing existing contracts). We don’t do anything shady with user data, and already have a robust data security program due to our industry.

A family member’s small business which packages meats for the grocery is similarly burdened to the tune of hundreds of thousands.

That’s a huge waste repeated millions of times over around the world. They could have just targeted this at the big web companies and Adtech firms with some simple qualifiers. This law isn’t really much good for consumers, but it’s very good for lawyers.

[bhelkey]

Also see:

> We engaged a dedicated GDPR consultant