Hacker News
by dasil003 2888 days ago
Oh please stop with this FUD already. Risk assessments on GDPR litigation are blown wildly out of proportion. If we approached the risk of all laws in all jurisdictions this way, we'd just wake up and commit seppuku every morning. The only services that actually need to shut down are ones that are monetizing based on personal data. Small SaaS services that aren't doing that can be fully GDPR compliant with a little bit of copy writing and self-service options for deleting/downloading personal data, and even if you don't do all that, in all likelihood, on the off chance that they actually get significant complaints about small services, regulators will give you a chance to justify your stance and make necessary remediations before throwing the book at you.
6 comments

If what you are saying is true, why would a business choose to shut down their EU services until some later date?

Do they hate making money? Did they just want to make people panic about GDPR (after it had already been implemented)? Are their lawyers just really bad at their jobs?

Seriously. What are their motivations from your perspective?

Probably incompetence.

1) Don’t think about users’ privacy from the start. 2) Ignore GDPR until the enforcement deadline. 3) Panic and shut down EU until you find something to do.

>> The only services that actually need to shut down are ones that are monetizing based on personal data. Small SaaS services that aren't doing that can be fully GDPR compliant with a little bit of copy writing and self-service options for deleting/downloading personal data

> If what you are saying is true, why would a business choose to shut down their EU services until some later date?

> Do they hate making money? ...

> Seriously. What are their motivations from your perspective?

Don't assume businesses are making rational decisions just because they're businesses. Their motivations may very well be that their leader irrationally freaked out after reading some anti-GDPR FUD, overreacted, and hasn't yet reevaluated the decision.

Of course it's FUD, that's almost the definition of risk. "Risk assessments on GDPR litigation are blown wildly out of proportion." because there's a lot of fear, uncertainty, and doubt.

I just don't think it's particularly unjustified FUD. It is a big law that made a big splash. Can you really blame anyone who wants to wait and see how it goes down?

There IS a ton of guesswork for now. To take either stance with so much certainty is a little dishonest IMHO. And I think you agree! You say yourself "... in all likelihood, on the off chance ..." Is "better safe than sorry" really so unreasonable?

> Risk assessments on GDPR litigation are blown wildly out of proportion.

Are there any precedents set for GDPR enforcement yet? No? Then how can you know that?

Little in GDPR is completely new, lots of it has been in national law or previous EU legislation before, and the entities responsible for enforcement aren't new, so you can look at past privacy enforcement actions as at least some precedent.

Isn't the worst case 4% of global turnover? Shouldn't Instapaper's EU revenue be far above that?

It is whichever is greater of 20 million Euros or 4 percent of annual turnover.

I see. That must seem brutal to small businesses.

There's also the proportionality clauses to consider. The law explicitly states that the penalty should be proportionate, so that small companies aren't hit with huge fines.

The fines are supposed to be proportional. Everyone has latched on to the $40mm clause, and decided that anyone in breach of GDPR rules is going to be fined millions of dollars.

What copywriting is necessary? I haven't done anything on my stuff.

Explaining what you are doing with customers' data.

> Risk assessments on GDPR litigation are blown wildly out of proportion.

Easy to say when you're telling someone else to take the risk.

Just to be clear, I have skin in the game.