undefined | Better HN

0 pointsSilhouette7y ago0 comments

All you have to do to comply with it is be clear and direct when collecting personal data, and make a record of the permission granted.

It appears that you also need to have been all of those things, as far back as you've been collecting personal data, even if no such requirements existed at the time. Organisations might not be in that position even if they followed accepted good practices when signing people up to their lists, so the GDPR may have unintended consequences here.

0 comments

DanBC7y ago

That requirment has existed in the EU since 1995.

SilhouetteOP7y ago

Please stop spreading misinformation. Things are changing with the GDPR.

In particular, the consent requirements are significantly stronger under GDPR than under either the 1995 directive itself (95/46/EC) or the implementations of that directive in various member states.

Organisations that followed reasonable and honest practices at the time of collecting personal data, for example when setting up a mailing list, could still find themselves out of compliance under the new rules.

TheCoelacanth7y ago

It has only changed for people who were playing stupid games with what consent means, like interpreting scrolling past an already checked checkbox as consent when it was clearly nothing of the sort. If you were being clear and direct with users about what they were signing up for, then you have nothing to fear from GDPR. I don't have any sympathy for business who were complying with the letter of the law while finding any excuse they could to subvert the spirit of the law.

1 more reply

j / k navigate · click thread line to collapse