[swores]

By that logic the GDPR is "about" fridge magnets because any business storing personal data using letter magnets arranged on a fridge is subject to GDPR. Sure, often cookies constitute/contain personal data, but when they don't they are not regulated by GDPR.

[bduerst]

I mean, if you're storing user information that isn't pertinent to the business with fridge magnets on a slab of metal, and the user asks you to take them down, it's a GDPR violation if you don't remove/scramble said magnets after 30 days.

Method of data storage isn't really specified, but that's why it's General Data Protection Compliance.

[swores]

Yes of course it would cover that hypothetical situation, as I said in my comment, but it would still be ridiculous in general conversation to say "GDPR does require that businesses get consent before using fridge magnets" without specifying "if personal data is involved".

[tick_tock_tick]

Yes, that is correct GDPR as written and as being interpreted by the courts covers every aspect of commerce, any interaction with another entity no matter how far removed, and any observable side effects of said interactions even if neither party knows of the third parties.

[swores]

Yes of course it would cover that hypothetical situation, as I said in my comment, but it would still be ridiculous in general conversation to say "GDPR does require that businesses get consent before using fridge magnets" without specifying "if personal data is involved".