Comment by mnau

Comment by mnau 10 months ago

2 replies

View on Hacker News

You can serve consent form only to the connections from EU.

I have been part of se several GDPR compliance projects and it's the other stuff that's the problem.

Data protection officer (recurring cost, even though it is only a part of a job, not full time position) , user data deletion and user data take-out. Compliance is not free. If system wasn't designed from the beginning, it's really expensive to add it.

Restore from backup after disaster recovery - make sure you anonymize/delete people who were deleted after backup was made.

BTW, IP address is PII, so...

Honestly, it would be cheaper to buy everyone in EU VPN.

janc_ 10 months ago

It's actually very simple & cheap to be compliant: stop tracking EU citizens.

Reply View 0 replies
GTP 10 months ago

> You can serve consent form only to the connections from EU.

Why? While I get that, if tracking is part of someone's business model, they want to track as many people as possible, I doubt it would be illegal to give also people that aren't in the EU the option to not be tracked. If it really would be so expensive to be compliant while also differentiating between users connecting from the EU and users connecting from outside the EU, why not just give everyone the option to choose if they want tracking as a measure to cut compliance cost?

Reply View 0 replies