Hacker News new | ask | show | jobs
by 7bit 140 days ago
I hope these are the correct English translation:

Record of processing activities, data processing agreements, consent documentation, technical and organisational measures, data protection impact assessment, data retention and deletion concepts, legal basis documentations, etc. etc.
1 comments
disgruntledphd2 140 days ago
Yeah, but basically all of those are either standard for SMEs or no-ops.

For instance, if I run a bakery and sell baked goods online, I'm probably using Shopify who comply with this with one button.

Even if I built the baking website myself, all I need is email address and physical address to send delicious baked goods to you. I need to keep the payment records for a long time (for dispute prevention if nothing else) but that's it.

Where is the GDPR hassle in this case?

Just stop collecting data you don't need (or make sure it's for a good reason, like fraud prevention) and you'll be fine.

If said bakery creates accounts, it's a little more involved but basically you just need to implement soft delete to comply with your obligations.

I'm not sure this is a massive hit, can you help me understand what SMEs exactly are going to be hit by complex GDPR compliance?

link
7bit 139 days ago
No, a bakery using Shopify will not spare them having these documents. You show a respectable amount of ignorance only to then claim GDPR won't be a hassle in this case. It absolutely is a hassle, which you would know, had you familiarized yourself with the subject.

Even stating "just stop collecting data you don't need" shows, that you did not care to read my response before you replied to it, and how little you generally know about the topic.

Not repeating what I said, I will add this: if you do collect personal data (and you WILL if you do anything online, write invoices or just have a security camera on premises) than you will have to have these documents ready.

link
disgruntledphd2 139 days ago
> No, a bakery using Shopify will not spare them having these documents.

https://help.shopify.com/en/manual/privacy-and-security/priv...

Most of the information relates to online marketing, which does tend to come with more GDPR compliance requirements. My wife runs a business through Shopify and the only thing we need to worry about is email addresses.

Can you help me understand what you see as the issues around GDPR compliance here?

link