undefined | Better HN

0 pointsryanwaggoner7y ago0 comments

How could this possibly be true?

You claim to know a lot about the GDPR, I’m not sure my business is compliant. Can you take a look and tell me?

What’s that called if not an audit?

0 comments

An audit without certification will never give you anything that you could not have come up with yourself. So feel free to buy a GDPR audit but realize that you are just buying an opinion.

tripletao7y ago

In the USA, the word "audit" is used to describe any process by which a company tries to determine if it's in compliance with some set of rules. Sometimes that process has special legal consequences, but it usually doesn't. The final deliverable is often literally called an opinion.

No lawyer or accountant has ever given me anything that I couldn't have come up with myself, with sufficient study. I still paid them, because the law is very complex and I have other things to do with my time. That's how any country with a nontrivial legal system works.

You seem to have great confidence that you understand how the GDPR will be enforced. I'd suggest that:

1. Not everyone knows as much about EU law as you do. This is especially true for people who don't live in the EU.

2. You might be wrong. Maybe GDPR compliance really is dead simple, and the lawyers who keep answering "it depends" are just cheating their clients; but from my experience in complying with similarly complex regulations, I wouldn't bet 20M EUR that's the case.

j / k navigate · click thread line to collapse