GDPR: Do you think they will come after small sites? Thoughts?

  • Thread starter Thread starter Deleted member 1024843
  • Start date Start date
I can say so much: In the casinos everyone goes crazy for it now. They will come after everyone who operates in the EU, doesnt matter if small or big. It is just a matter of time. You should be prepared and find ways to go around it, depending on your type of business, or update your website if thats your income

Why would someone go around it? Boss they're like the white walkers and they're coming for everyone and GDPR policies on our site is our dragon glasses and it's better to be prepared rather than slaughtered
 
Why would someone go around it? Boss they're like the white walkers and they're coming for everyone and GDPR policies on our site is our dragon glasses and it's better to be prepared rather than slaughtered

I agree, it is better to be prepared. But You can not deny that many people are looking for ways to go around it, especially when it comes to affiliation. And I wouldn't be surprised if someone one day will find ways to do it successfully.
 
There is so much misinformation about GDPR that sites like this spread.

First, the law only relates to personal information about EU citizens or residents. If what you're doing doesn't identify someone, then you don't have to do anything about it for GDPR.

Second, there is no special treatment required for cookies. They are as important or unimportant as collecting personal data with pen and paper. If you use cookies that use personal data, then you should disclose that type of data (you don't have to list every field), why, and which of the six justifications for use you're using. You don't need special cookie policies and you don't need to list every cookie and its attributes in perfect detail. You have the choice of doing so, and some people might argue that it is good to do so, but its not required by law.

Thirdly, there are six grounds for processing data. Consent is one. Just one. There are five others.

In a lot of situations, you don't need permission to use data. You just need to decide which of the other five grounds justifies you using it.

Fourthly, if a data subject asks you to do something, you don't have to do it if you have a good reason. If someone asks you to delete all information, you can refuse if you're a business for example, because you might need that data for another reason (such as to comply with other law, such as tax law). There are all sorts of examples.

Lastly, the regulation itself provides for weakening of the policing for small businesses. The supervisory bodies have said that they will not issue fines before first issuing warnings. And most supervisory bodies, as pointed out here, are understaffed and under-funded. They'll go after Facebook, not $100 a month affiliates.

Download a good privacy policy template (if you deal with data of EU citizens), and show that you've made an effort to comply.
 
There is so much misinformation about GDPR that sites like this spread.

First, the law only relates to personal information about EU citizens or residents. If what you're doing doesn't identify someone, then you don't have to do anything about it for GDPR.

Second, there is no special treatment required for cookies. They are as important or unimportant as collecting personal data with pen and paper. If you use cookies that use personal data, then you should disclose that type of data (you don't have to list every field), why, and which of the six justifications for use you're using. You don't need special cookie policies and you don't need to list every cookie and its attributes in perfect detail. You have the choice of doing so, and some people might argue that it is good to do so, but its not required by law.

Thirdly, there are six grounds for processing data. Consent is one. Just one. There are five others.

In a lot of situations, you don't need permission to use data. You just need to decide which of the other five grounds justifies you using it.

Fourthly, if a data subject asks you to do something, you don't have to do it if you have a good reason. If someone asks you to delete all information, you can refuse if you're a business for example, because you might need that data for another reason (such as to comply with other law, such as tax law). There are all sorts of examples.

Lastly, the regulation itself provides for weakening of the policing for small businesses. The supervisory bodies have said that they will not issue fines before first issuing warnings. And most supervisory bodies, as pointed out here, are understaffed and under-funded. They'll go after Facebook, not $100 a month affiliates.

Download a good privacy policy template (if you deal with data of EU citizens), and show that you've made an effort to comply.

Best post which are the five other than content, so I just say I use cookie to make user site experience like how it normally was that will do right?
 
The ones most likely to be relevant are:

  • contract - if a contract exists between the data subject and the processor
  • legitimate interests - there is some benefit to someone of processing the data, and it is reasonable to think that the data subject wouldn't be harmed by the processing
  • legal obligation - some other law requires the processing
First, are you in the EU. The EU pretends it can impose its law on everyone, but actually it can only impose it on EU citizens and businesses.

Second, are you processing personal data? If I visited your site, could you tell that it was me? Could any of the data be attributed to me? If not, GDPR doesn't apply, so you don't need to do anything.

If you proces personal data and you're in the EU, then you simply need to choose one of the bases for processing. Lots of sites ask for consent. Thats fine. But you can process under legitimate interests (which might be developing your site to provide a better user experience, and therefore more profit for you). You need to balance that against the data you collect about the individual, and what harm it would do if anyone else misused it.

Your cookie for user experience isn't likely to be collecting sensitive information (like my bank account details or my medical history) nor is it going to collect much data about me (not like Facebook does). If anyone got hold of that data, I'm unlikely to be seriously harmed. So (and it is your judgment) a user experience cookie could probably be reasonably processed under legitimate interests.

https://ico.org.uk/for-organisation...on-legitimate-interests/#marketing_activities
 
First, are you in the EU. The EU pretends it can impose its law on everyone, but actually it can only impose it on EU citizens and businesses.

This. So much this. The EU does not have jurisdiction over me, as an American citizen. They can send me all the nasty letters and emails they want. I'm not an EU citizen, therefore the GDPR is not my concern. They can't do shit to me.
 
I think simple blogs won't be affected by the GDPR. Especially if the blog is just a blog and does not collect any date. If I'm wrong please correct me.
 
Even a blog gathers information, the access log on the Webserver (yes the IP is personal data). Or if you use google fonts (hosted by google) you submit ip addresses and resolution to google,...

But the whole thing is not made to hunt little blogs so i am pretty sure you won‘t be the first one who will have a appointment with the EU.
 
This. So much this. The EU does not have jurisdiction over me, as an American citizen. They can send me all the nasty letters and emails they want. I'm not an EU citizen, therefore the GDPR is not my concern. They can't do shit to me.
If you have visitors from the EU then it applies
 
This. So much this. The EU does not have jurisdiction over me, as an American citizen. They can send me all the nasty letters and emails they want. I'm not an EU citizen, therefore the GDPR is not my concern. They can't do shit to me.

Correct. An EU does not have jurisdiction over you, however much it would like to have, without the agreement of your own government.

The only way it can fine you is if you have a subsidiary business based in an EU member state. But it is highly unlikely that anyone will be fined unless there has been a huge sensitive data breach (think FB and Cambridge Analytica) before being warned and given time to improve.

Certainly small business owners are unlikely to be fined straight out.

As a side note, the authorities responsible for enforcing the law aren't a centralised EU body, but rather individual member state government departments.

The supervisory body one member state isn't going to start enforcing GDPR on a business based in another member state. They'll leave it to the local supervisory body.

Extrapolating...even if EU law could be applied to everyone in the world, which EU member state would want to spend the time and money trying to enforce it outside of their legal jurisdiction.

Even a blog gathers information, the access log on the Webserver (yes the IP is personal data). Or if you use google fonts (hosted by google) you submit ip addresses and resolution to google,...

But the whole thing is not made to hunt little blogs so i am pretty sure you won‘t be the first one who will have a appointment with the EU.
GDPR only applies to personal information - information that can be related to a specific individual.

It would be very unlikely that you could tell me exactly who is using an IP address. In conjunction with other information, possibly, but unlikely with just weblogs.
 
Last edited:
Hit by paying fines. Mostly it depends on your country where you are from.

Basic GDPR was modified by some parliaments. Also the Regulation with mistakes differs from country to country. For example Germany is pretty heavy, when Austria modified the GDPR rules in favour of the "local" business.

So it depends
regulation about taxes
 
Well, law is law.
But to compare the laws about the streaming and illegal download that EU made, EU can't do anything (not enough staffed, not skilled stuff,...), I'm not so worried.
All the movie and music industries are crying to make EU law, and almost nothing is happening in that case...
So who care about this law ....
 
Back
Top