undefined | Better HN

0 pointsMsurrow8y ago0 comments

Well thats because you dont understand GDPR. If the company doesnt conduct any business in EU - or more correctly with EU private persones - then GDPR doesnt apply to the company. It also doesnt apply for any Business-2-business relations.

GDPR only applies if you are providing a service to a EU citizen. That also explains what EU will do if a company doesnt comply with GDPR (where it should); they will stop the company from providing those services to the EU citizen.

This is also why blocking EU traffic doesnt make you GDPR compliant (I can use a vpn or visit your site when travelling, and then you are still providing a service to a EU citizen).

If the case really is as you say, with just serving http request, then you have no issue with being GDPR compliant, because you dont store and information about the EU citizen. If however you are not just serving http requests, but track the user or otherwise store information on the site visitor, then you may have GDPR issues. But if you do store data about your users, you really should treat the data correctly.

GDPR is common sense, and if you bother to understand it correctly, its fairly easy to be compliant. Though I’d say, the bigger the company the more complex the implementation.

0 comments

1 comments · 1 top-level

mychael8y ago

You're mistaking GDPR's intent with its implementation, an error that lots of people are making.

As Americans we're particularly sensitive about having to follow rules made by people who don't represent us and are not accountable to us. This is a totally fair and justifiable reason to be against GDPR even if you agree with its objectives.

1 more reply

j / k navigate · click thread line to collapse