[mdpopescu]

> I'm confident that, in the very unlikely event that a regulator even notices my little businesses, that I'll be able to correct any mistakes before fines come into play.

Every business owner in Romania knows two things:

- the IRS equivalent will investigate them periodically, usually every few years - they will ALWAYS find something to fine the company for

Sure, you will have to correct the something, but that doesn't mean you don't have to pay the fine anyway.

Also, incidentally, the company I was branch manager for has been once investigated by the police for credit card theft (they received a complaint). They couldn't find anything (because we didn't steal any credit cards - we just had a lot of computers because we were programmers, working for the main company in the US) but, in order not to have wasted the raid, they decided to prosecute us for copyright violations (they found a few pirated games).

So, at least in Romania, there is no such thing as "correcting mistakes before fines come into play".

[KozmoNau7]

That's a local problem in Romania, not a GDPR problem.

As in your example, they'll use any law to beat people over the head. That should not be an argument against a privacy protection law.

[JumpCrisscross]

> That's a local problem in Romania, not a GDPR problem

It's actually a human problem. The history of political bodies granted immense discretion to fine and punish is consistent and terrible.

[hypertextcoffee]

If your business was in the UK, the ICO can and would be able to stop you processing data, and get a search warrant for your business address. This is because they report directly to the government.

I doubt you'd be able to fix any issues before they get involved.

PS. it's Cambridge Analytica