Rough translation:
GDPR - General Data Protection Regulation
Attention!
In our butcher shop we might ask you for your name and memorize which kind of meat you like. If you don't want us to do that please shout "I do not approve!" when entering.
I think it's pretty awful and, as someone who cares about privacy, feels kind of disrespectful. (Layering disrespect under humor doesn't change it.) The basic attitude is: yes, we use all the tracking technology available and give your data to all the scary third parties, and no, you shouldn't be surprised because that's internet standard these days, and you don't know how this tech works anyway, so haha and good luck.
Looks like a company that doesn't care at all about its users. If they always whine like this each time they have to do something, their course must be quite a pain to follow. That's a good example on not how to do it...
Despite the fun part, if they keep notes of their client names, it has to be GDPR compliant.
That’s the example I give to my client, but with a hairdresser. If they give you fidelity card and they got a copy of your name in a cardboard box, then yes they have to comply to GDPR.
Here in France, even the media says that GDPR is for internet companies, not explaining that it’s for every companies. So most of them are surprised when you tell them they have to be compliant.
"This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system."
Note that for GDPR to apply, the data has to be part of or intended to be part of a "filing system". (It is possible to read the above as saying that the filing system requirement is only for data processed other than by automatic means, but Recital 15 suggests it is not limited that way: "The protection of natural persons should apply to the processing of personal data by automated means, as well as to manual processing, if the personal data are contained or are intended to be contained in a filing system").
What is a filing system? Article 4 tells us:
"‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis"
Recital 15: "Files or sets of files, as well as their cover pages, which are not structured according to specific criteria should not fall within the scope of this Regulation"
One could probably make a good case that if you are just randomly tossing cards into a cardboard box, that's not a structured set of data, and so not a filing system, and so GDPR does not apply.
The cookie law didn't ensure that you could opt-out and still receive service. Most sites just said "Accept cookies or go somewhere else" and since all competing services also used tracking cookies, you weren't given much of a choice.
> German butcher's GDPR notice: "sometimes we ask you what your name is and notice your favorite meat. if that's not okay by you, loudly shout, when you enter, 'I don't agree to that!'...we will, from then on, act like we never got to know you."
>german butcher's GDPR notice: "sometimes we ask you what your name is and notice your favorite meat. if that's not okay by you, loudly shout, when you enter, 'I don't agree to that!'...we will, from then on, act like we never got to know you."
This completely misses the point, and it's telling that it gets votes. The GDPR does not regulate what you personally know, it is about collections of information outside of your brain.
If a European butcher takes notes on his customers using a paper notebook or Excel, are these different modes of data-management subject to GDPR? That's a pretty relevant question esp. since the article is on a butcher. The entire discussion is on the scope of GDPR.
The IP law is related, it protects some people or companies IP, publishers have to follow it, have to respond to DMCA, people in other countries can go to jail. But people that want the IP laws think that my private data should not be mine and not be protected, because it should not be or because it is not easy. Responding to DMCA claims, making sure to use the right licenses for software and assets is not easy either so why is one liked or at least respected by startups and companies and other disliked?
