undefined | Better HN

0 pointsmajewsky7y ago0 comments

Most of the rules in GDPR apply only to personally-identifiable information that is not strictly required for business operations. The law recognizes that, when you want to ship some goods to a customer, you will have to process and store their address, and no opt-in is needed because the customer explicitly gives that information to you.

Explicit opt-ins are only required when you record personally-identifiable information surreptitiously, or share these information with other parties.

0 comments

AnthonyMouse7y ago

> Most of the rules in GDPR apply only to personally-identifiable information that is not strictly required for business operations.

I'm sure there are some provisions intended to help out smaller entities. But the compliance cost is the cost of understanding the legislation so you can comply with it. You still have to pay it even if it turns out not to apply at all -- because you can't know that until you go through all of it first.

j / k navigate · click thread line to collapse

0 pointsmajewsky7y ago0 comments

Explicit opt-ins are only required when you record personally-identifiable information surreptitiously, or share these information with other parties.

0 comments

AnthonyMouse7y ago

> Most of the rules in GDPR apply only to personally-identifiable information that is not strictly required for business operations.

j / k navigate · click thread line to collapse