| HN Mirror

> You claim that GDPR has a big administrative burden to small businesses but that's not the case as long as your business model is not based on invasion of privacy

Have you ever dealt with a regulatory enquiry? Even if you have done nothing wrong, they are harrowing, time-consuming and--occasionally--costly.

> Small restaurants need to follow hygiene standards just as the big chains

Look at the food codes in most large cities. Multi-location chains have stricter standards than single-venue restaurants. This is because (a) multi-location complexity introduces new vectors for harm (and lets it scale faster) and (b) people are willing to accept greater risks from small purveyors.

kazinator 2948 days ago

> people are willing to accept greater risks from small purveyors.

No they aren't, WTF?

> No they aren't

Everyone isn't. But most people accept home-cooked meals without demanding municipal inspection.

Furthermore, the presence of looser food codes--in the U.S. and Europe--for small-batch and single-location vendors, in comparison to chains, supports the hypothesis that many people see the added risk worth taking for more variety.

Parents literally teach their kids to not accept food from strangers and women are often drugged by accepting drinks from strangers.

People accept food from people they know socially or from an organisations that they know.

EU won't go after you if you send a link of your non-complient code to your friend as long as your friend doesn't start a legal action against you.

You are freaking out for no good reason.

My point is that people balance risk of food-borne illness against variety. Homes are virtually unregulated because we rely on individuals using their social networks. Small restaurants are more strictly controlled. Chains, stricter still. This is a common regulatory pattern for good reasons.

You’ll still have legal trouble if your food or drinks harm people.

Same with the web, if you’re coding for your own social circle GDPR is not something you need to comply as long as someone of your social circle is harmed and starts an action against you.

Also, different regulations for different sizes is due to the nature of the business. It’s not that small shops are allowed to be dirtier than the chains.

kazinator 2948 days ago

> But most people accept home-cooked meals.

From "generally regarded as clean" friends and relatives.

I know right? But on the other hand, people are fine to ingest pills sold by a dude that barely can spell his name but will totally freak out if someone opens a hospital with fake doctors :)

How did you manage to deal with a GDPR enquiry? It's been less than a Week since it's introduction.

Something tells me that your reaction is not based on facts but pure ideology, an ideology that assumes that regulations are always bad the businesses will take care of the consumers if left to their own devices.

> How did you manage to deal with a GDPR enquiry?

Pardon me, I did not mean to imply I have dealt with a GDPR enquiry. I was asking if you had dealt with any regulatory enquiry.

> an ideology that assumes that regulations are always bad

Quite the contrary. I like American and European securities regulation. I regularly call my Congresswoman for more privacy protections. (I had some luck getting a law I helped draft through committee in Albany. No further.) I've also consistently been of the position that Facebook should be broken up on antitrust grounds. My opposition to GDPR is purely on the way it is administrated.

Yes, I did, I had to comply with EU workspace regulations. Built a nice toilet marked the floor with yellow lines, paid a wage above the minimum wage, registered a company and the govt. people said it's all good.

It's really not that big of a deal.

I would have trouble only if I was doing illegal business, make people work in an unsafe and dirty environment, didn't provide the sanitary needs and paid them less than the national minimum wage.

ascar 2948 days ago

The difference here is any (european) person on the internet that finds a website can put a significant burden on you. Even if it's not a business, but just a personal homepage, blog or small non-profit website of your favorite hometown sports club. Especially if they have an internal member area on their website.

Even worse in Germany, we have something called "Abmahnung" (https://de.wikipedia.org/wiki/Abmahnung). Every lawyer can send you a letter telling you to follow the law and request payment from you for the "service" of telling you that. This can be several hundred euros and you can then decide to go to court (and lose if they were right) or pay them. German law firms can pick up non-GDPR compliant websites using crawlers (e.g. just identifying pages without privacy policies accessible, is a simple one) and fine exactly the persons that are not targeted by the GDPR. It's absurd and it has nothing to do with these people doing any kind of damage.

It would be similar if you had to to put your workspace policy and data proving your fulfillment of workspace regulations up in the internet, so any single lawyer can check them and send you a bill, if they find something wrong. This can't be the right way to go for private websites, small non-profits and even small businesses. It's just insane.

Edit in response to the comment below as I can't reply for whatever reason: Multiple legal help pages about the German law say that you can get an "Abmahnung" even without proving that there is a client that is a competitor. E.g. here https://www.datenschutz.org/datenschutzerklaerung-website/#d... "Seit Anfang 2016 können nicht nur Mitwerber, sondern auch Verbraucherschutzverbände Abmahnungen wegen fehlender Datenschutzerklärungen versenden. Das bedeutet, dass diese Option nicht allein gewerbliche Websites treffen kann." It's limited to Verbraucherschutzverbände (probably translatable as customer protection agencies), so the risk for a private page is close to zero based on this, but I'm not a lawyer, I don't know what exactly changed here through GDPR/DSGVO and you still basically have to consult a lawyer to be on the safe side.

Tomte 2948 days ago

That‘s FUD.

The lawyer would need to show that there is (a) a client and that this client is (b) a competitor of the target.

For your personal page that‘s next to impossible.

vmarsy 2948 days ago

> You claim that GDPR has a big administrative burden to small businesses but that's not the case as long as your business model is not based on invasion of privacy. If it is, well, tough life!

There's something I don't get in your argument: How having a business model not based on invasion of privacy is protecting your business from receiving GDPR Subject Access requests requests, the legal fees a small business needed to spend to take care of those, and the handling of those?

In your food example it'd be more like as if a law required you to have an employee meeting with a health inspector daily. And that employee must not be a cook/staff. This seems easier for a big chain to comply than a small business.

Here, to monitor all their email, each social media pages, etc and spend time figuring out if each tweet/post is a subject access request is going to be much easier to scale for a big company compared to a small business.

Also one thing a bit off topic that's not clear to me is if suddenly a business needs to start handling and archiving sensitive information because of GDPR letters (for each request, there must be a proof of identity such as ID, passport scan, etc). You now risk having potentially non compliant businesses handle those. That seems like exposing yourself more to identity theft for each GDPR request you make.

(See "how do we recognize a request" in https://ico.org.uk/for-organisations/guide-to-the-general-da... )