> Except you need to completely delete all data for users who close their account. Need to have a data protection officer, and need to have a way to give users all the data you have from them upon request. All of which can be a significant burden for small companies, or non-commercial websites.
Well, you're a good example of people misunderstanding GDPR :)
If you're a small company and processing data isn't a core part of your business and whatever the business does doesn't create risks for your users, there are parts of GDPR you don't have to care about; for example, you don't need to have a DPO in that case.
GDPR is meant to protect users from businesses that are harvesting users' data, in order to gain a bit of privacy back. It's not for your tiny SaaS that only requires an email to use and you collect no analytics about users.