I see a lot of discussion around GDPR being onerous to implement, but after diving deeper I think it is good, common-sense regulation. Prevents a lot of dark UX patterns (bad privacy defaults, no way to delete account, etc.).
-
-
Which aspects of the law have been hard to implement? I feel like the right to a copy of your data is the most difficult for smaller businesses.
-
The biggest issue is the transitiveness. If someone asks us to delete their data, we need to delete it from external services. It's also hard to figure out whether we're required to purge IP address-correlated info from services, and I don't even know if that's possible for us.
-
I feel frustrated that the big companies seem to be taking an attitude of "wink wink we can probably evade this with enough tricks" while I'm sitting here paying expensive lawyers to figure out what the rules even are.
End of conversation
New conversation -
-
-
That's not an uncommon problem with regulatory schemes tho. We have developed carve-outs for small biz in Securities, Finance, etc etc. I would hope as the scheme evolves that something right-sized for growing companies is developed.
-
They think they're doing so, but the language about when small businesses are implicated requires huge amounts of effort to figure out and small businesses can afford to take fewer risks with compliance. So we're implicated anyway.
-
Could be wishful thinking but I have a feeling downstream companies will develop processes/endpoints specifically for compliance in the imm future. My hunch is regulators will make examples of larger players who do not comply before going after small bizs. Agree, still spooky tho
-
Right, you'd expect that and it will probably be true. But as a small business if someone goes after me it's game over, so if I'm gonna comply I'm gonna do it right.
-
The spookiness comes from big European customers much bigger than we are who need us to become compliant. And asserting compliance basically means we're on the hook if an audit of the bigco finds a problem with us.
-
Seems like a lot of uncertainty arises from the culpability of third-parties, which has yet to be resolved in court— I don’t think the law’s intent is to push out small biz from the market. Don’t mean to brush concerns aside but I’m default positive + believe it’s net positive
-
I understand this perspective and think it's what bigcos are doing. But I think the uncertainty issue is real and a consequence of the way the legislation was written and implemented. I don't know where to draw the line on "this will get worked out in court later" when impling
End of conversation
New conversation -
-
-
Have you talked about this at length elsewhere?
-
No, but good idea.
End of conversation