undefined | Better HN

masom3y ago· 5 in thread

GDPR isn't really related to the infrastructure, and isn't a problem if you built your product knowing you'll need to conform. Shopify is GDPR compliant, for all merchants, and runs on Google Cloud in multiple regions.

revicon3y ago

There are specific requirements in Germany that require user data to not leave the country. I believe that was what OP was referring to.

pm903y ago

Genuine question: is knowledge on how to do this well known? Without that accessibility, I'm picturing folks operating in EU being unwilling to take the risk of not being compliant and just hosting everything in a single region.

unionpivo3y ago

GDPR is not some boogieman, it can be pain to do on existing products that were build pre GDPR, but if you are starting new project, being GDPR compliant is pretty straight forward and not hard/time consuming, unless you are explicitly trying to do something shady*

*privacy invasive that GDPR is explicitly set up to make harder, so duh

nr2x3y ago

They’re wrong.

nr2x3y ago

Privacy shield very much matters where your servers are. EU cracking down hard on extra territorial transfers in the past year with more to come.

Also, lots of companies assert GDPR compliance via magical thinking. They most often are wholly wrong. Shopify can say whatever they want, but there’s no certification body.

Source: I’m the person who evaluates and builds compliance systems for a range of services you almost definitely use.

soco3y ago

There are quite a few European regions, but we don't know how the others stand with their computing limits...

xwowsersx3y ago

Good point, I didn't think about that.

0 comments

0 comments