[zimpenfish]

> on top of the cost of achieving "compliance."

Compliance with GDPR is easy though - don't aggressively track and monitor European visitors. If you've stuffed your website that full with invasive trackers et al that you can't show it to Europeans for fear of broaching personal privacy legislation, you should probably have a good long think about where you've gone wrong.

[erik_seaberg]

GDPR is not merely a list of bad things to avoid, it adds a lot of ongoing burdens to every company active in the region. Hire more people. Actively investigate your own compliance. Wait months for government permission to deliver features.

There are people who aren't doing anything wrong, who did the math and decided they can't clear a profit on proving they aren't doing anything wrong.

[dmitriid]

The ongoing burden is minuscule.

What’s wrong with actively investigating your own compliance?

What government permissions are you even talking about?

[erik_seaberg]

https://gdpr-info.eu/art-36-gdpr/

[dmitriid]

Says nothing about government permissions.

You must consult in case, quote “processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk”.

[erik_seaberg]

You're free to bet $22M that they won't punish you for not waiting 8-14 weeks for their permission.

[dmitriid]

You keep saying permission even though nothing anywhere says about a permission. Now you've come up with a number that you pulled out of the blue.

You keep imagining things and expect me to have an argument about them.

What I do care about is for companies getting the highest possible fines for their mismanagement of user data. Like British Airways, https://www.wired.co.uk/article/british-airways-data-breach-...