There are many impractical things in GDPR, like this paradoxon: if a customer wants his data deleted, you need to delete all (beside legal necessary like invoices). You cant keep a minimal data for a suppression list. So your employees cant know that this person was deleted and might contact again. - ThreadSky

reklov.bsky.social • 9 days ago

There are many impractical things in GDPR, like this paradoxon: if a customer wants his data deleted, you need to delete all (beside legal necessary like invoices). You cant keep a minimal data for a suppression list. So your employees cant know that this person was deleted and might contact again.

Comments

reklov.bsky.social•9 days ago

The documentation needs you have are literally impossible to provide for small companies. I guess hundreds of thousands of companies (like restaurants, hair dressers, ... - they all also have customer data, hair dressers maybe even sensitive data) have no documentation, which is a breach of GDPR.

reklov.bsky.social•9 days ago

But the documentation is so complicated, that it is undoable for those small businesses. Ofc. large tech giants have hundreds of lawyers writing the documentation.

reklov.bsky.social•9 days ago

And that is not all, that is just a few issues. Data protection is crucial, no question, but GDPR is impractical and hurt SMBs. Because it was written with the large tech giants in mind only.

reklov.bsky.social•9 days ago

Dont make the same mistakes!

toolatetohandle.bsky.social•9 days ago

Respectfully, if you don’t want businesses to even have to be aware of the data they are processing then you are advocating a complete capitulation.

culturescout.bsky.social•8 days ago

I am curious to hear about this documentation that is holding businesses back.

reklov.bsky.social•8 days ago

For example: https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/ Every company that stores personal data (hair dresser, restaurant (table reservations)) needs to have this. Including paperwork with your vendors (like Microsoft, Google etc.) - how much influence you as small business have to get that done in the right way?

reklov.bsky.social•8 days ago

And one of the biggest issues: if your vendor (data processor) does sth. wrong, they can go against you as data controller instead. Google does sth. wrong, they go against you as SMB, because you are easier to reach. Cool, or?

reklov.bsky.social•8 days ago

Just because I think so many don't understand that: Lets say Restaurant uses vendor for online table reservations. The vendor does sth. against GDPR. Restaurant even does not know. Restaurant is at fault. Check out the Google Fonts GDPR issue: thousands of SMBs had troubles.

reklov.bsky.social•8 days ago

Why you think GDPR was the law, where so far most lobbying ever happened in Brussels? Do you believe the lobbying came from SMBs or from the tech giants? So do you believe it was written with SMBs in mind or in advantage for the tech giants? Often with MEBs even not understanding the backgrounds.

culturescout.bsky.social•7 days ago

Not even big multi national companies can negotiate with the likes of Google and Amazon, so you'll find that everyone is in the same boat. It sounds to me like you have either been badly advised or have not gotten proper advice on the GDPR requirements. Happy to chat further if you wish. Just dm me

reklov.bsky.social•7 days ago

Have you dealt with GDPR or are you just talking?

culturescout.bsky.social•7 days ago

And if you process low risk personal data like names/email addresses, you may never need to notify a data subject. Companies like the one you got the article from are trying to sell you something so of course they'll include as much as they can on the list.

culturescout.bsky.social•7 days ago

Don't take everything you read online as gospel, as a small business you can do without more than half of these documents and still comply with the requirements of the regulation. There is for example no where in the GDPR that requires you to have a consent form or even a breach notification form.

reklov.bsky.social•7 days ago

Official website: https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en

Sure, you can send it formless. However better you have a process in place.

I'd encourage you to do your research before you just say things. Ideology doesn't always help. Sorry that I broke the news to you, that GDPR was lobbied by big tech.

culturescout.bsky.social•7 days ago

I have done my research, I advise businesses daily on privacy and data protection. It's my job.

culturescout.bsky.social•8 days ago

Actually, the law requires you to keep a suppression list so that you know not to contact a person who doesn't want to be marketed to. Furthermore, the right to erasure is only absolute when it comes to direct marketing.

Comments

Posting Rules

Reply