by diggan 964 days ago
Seems like more companies than needed are confessing to misusing people's data. If you only use cookies for login or other essential information (not related to tracking people), you do not need to show any cookie banner. Same with the GDPR stuff, if you don't store more data about users than absolutely needed for essential functionality, GDPR isn't affecting you.

> if you don't store more data about users than absolutely needed for essential functionality, GDPR isn't affecting you.

Except you need to completely delete all data for users who close their account. Need to have a data protection officer, and need to have a way to give users all the data you have from them upon request. All of which can be a significant burden for small companies, or non-commercial websites.

> Except you need to completely delete all data for users who close their account. Need to have a data protection officer, and need to have a way to give users all the data you have from them upon request. All of which can be a significant burden for small companies, or non-commercial websites.

Well, you're a good example about people misunderstanding GDPR :)

If you're a small company and processing data isn't a core part of your business and whatever the business does doesn't create risks for your users, there are parts of GDPR you don't have to care about; for example, you don't need to have a DPO in that case.

GDPR is meant to protect users from businesses that are harvesting users' data, in order to gain a bit of privacy back. It's not for your tiny SaaS that only requires an email to use and you collect no analytics about users.