|
|
|
|
|
|
by Silhouette
2717 days ago
|
|
|
Insanely complicated compared to what? I'd suggest that one obvious comparison is with not having the GDPR. I know my own businesses spent considerable time and money understanding the implications and updating our documentation to comply with the new requirements. However, that was basically all we changed in the end, because we weren't doing anything particularly unusual or dodgy in the first place. In other words, for us, the whole thing was basically an expensive box-ticking exercise with no real benefit to anyone. I imagine there are many other small businesses that could tell a similar story. The most likely alternative for those that can't is probably that they're not compliant, either deliberately or through ignorance of their new legal obligations, so that still doesn't benefit data subjects in any useful way. It seems realistic to estimate that several billion pounds has been spent on this sort of paper-pushing exercise in the UK alone, which does suggest some level of rhetorical insanity here if it hasn't really benefited anyone in any measurable way. Perhaps time will tell and regulators will be more effective in curbing the excesses of the big data crunchers that these rules were presumably aimed at, but until we start seeing evidence of real benefits for the average person in the street, I for one will remain sceptical about whether all the extra red tape and complexity was justified. |
|
|
> Perhaps time will tell and regulators will be more effective in curbing the excesses of the big data crunchers that these rules were presumably aimed at...
Fair points. We've spent a decent amount of time working through GDPR implications for clients, and if nothing concrete comes out of this for the Googles / Facebooks of the world - which may take 5-10 years to judge - I'll be pretty angry too.
> until we start seeing evidence of real benefits for the average person in the street
I think there are already obvious tangible benefits. Our clients now have very clear markers on their websites about what data is going to be used and how. We've persuaded some of them to purge tens of thousands of email addresses from their lists that probably weren't even DPA compliant just because of the threat of GDPR, and I've spoken to non-tech people who feel more in control of data when signing up for things now. Not all organisations are following best practices - bundled consent seems to be pretty common still - but it feels like it's going in the right direction.