undefined | Better HN

0 pointsbrador7y ago0 comments

The goal of GDPR is compliance not punishment. So long as you are eventually following the rules it’s all ok.

0 comments

Yes, compliance is the goal.

However, the rules are vague enough to be interpreted in other ways as well. If some authority decides to make an example of pesky local startups for whatever reason there is little that prevents them from doing so. Remember, both the actual implementation and the enforcement of the regulation lies with the EU member countries, which even might decide to further devolve that responsibility to a local level.

Moreover, in the past similar regulations such as the legal notice requirement for websites in some EU member countries were abused by shady lawyers who specifically target small business that supposedly don't comply with these rules.

Angostura7y ago

Give me an example of an overly vague rule.

BjoernKW7y ago

GDPR requires companies to use “state-of-the-art measures” to protect personal data, which is intentionally vague because the state of the art obviously changes over time.

However, who will decide what the state of the art actually is at any given time? Politicians, lawyers, competitors, actual IT experts? The latter don’t commonly work for either EU or local authorities.

Because the laws are implemented by each EU member state that state of the art might even differ depending on whether you’re located in, say, France or Germany.

j / k navigate · click thread line to collapse

0 comments

BjoernKW7y ago

Yes, compliance is the goal.

Angostura7y ago

Give me an example of an overly vague rule.

BjoernKW7y ago

GDPR requires companies to use “state-of-the-art measures” to protect personal data, which is intentionally vague because the state of the art obviously changes over time.

Because the laws are implemented by each EU member state that state of the art might even differ depending on whether you’re located in, say, France or Germany.

j / k navigate · click thread line to collapse