| > I think the things that bother me is: > > 1) A College student working on a side project with no revenue are treated the same as some massive multi-national. That's false. The GDPR repeatedly refers to evaluating the risk with regards to various decisions. The ICO even has separate guidance for small businesses and big businesses. > 2) It's a foreign requirement that feels like a violation of sovereignty. Most business/startup owners complain about there being too much domestic regulations, now we have to worry about things outside of our own countries -- that also can come into conflict with our domestic tax authorities on things like data retention. An international agreement would be entirely different. This one I can appreciate, but perhaps look at it from our point of view: You're violating our laws that protect our citizens. Why would we possibly have any sympathy for that? > 3) The GDPR requires clear and concise language, but have done nothing of the sort when writing the regulations. For most websites outside of the EU, could they not have produced a concise 1-2 page infographic produced by the regulators themselves? The GDPR is easier to read than many US laws, and you don't have to read it anyway. The ICO has written extremely high-quality guidance for most businesses which will suffice. It should take no more than a few hours to determine how your business would be affected. https://ico.org.uk/for-organisations/business/ |
No one forced your citizens to come to my website.