by AnthonyMouse 2746 days ago
> So it's ok for small companies to leak personal data?

The GDPR doesn't just require companies not to leak personal data, it's a huge complex regulatory framework designed to handle the megacorps it was passed to target and imposes unnecessarily high compliance costs, and those costs disproportionately affect smaller entities.

In particular, it is possible to have perfectly sound data protection practices that would never lead to leaking personal data, while still not being in compliance because they're not the specific ones required.

These specific unnecessarily complex rules or total anarchy is a false dichotomy.

2 comments

Do you have any specific cases of how much the GDPR has cost to some small companies? My experience (I work in the EU) has been that the GDPR has not been particularly difficult or expensive - and in particular it was easier than ISO9001, which we also implemented at a small company - but I don't have any hard numbers.

> Do you have any specific cases of how much the GDPR has cost to some small companies?

I work at a medium-sized company and know they had to retain a few lawyers at $500/hr to explain what changes had to be made to be GDPR compliant. The changes themselves were not too hard, but hiring the lawyer and knowing what changes to make were.

Rubbish.

I have done GDPR prep for my one-man limited company. Took about a day. I don’t even use that company!

https://www.simplybusiness.co.uk/knowledge/articles/2017/11/...

> I have done GDPR prep for my one man limited company. Took about a day. I don’t even use that company!

How sure are you that you're really compliant? You did it yourself, do you know all the rules? Have you seen how they have been enforced and where the trends are going? Doing a half-baked review isn't good enough for most.

Firstly training. Went on a lot of that. Secondly there are plenty of self-test resources out there.

https://ico.org.uk/for-organisations/resources-and-support/d...