
GDPR: Smart Practices - _Tanya_
https://kruschecompany.com/blog/post/gdpr-smart-practices
======
ckastner
There's basically nothing in this article, and whatever there is, is
confusing.

For example: they keep referring to "sensitive data", by which they probably
mean Article 9 data [1], ie: data revealing racial or ethnic origin, political
opinions, religious or philosophical beliefs, etc.

That's only a _subset_ of GDPR data, and in my personal experience, rather the
exception than the norm. The norm doesn't seem to be discussed at all.

The UK's ICO Guide [2] is a much better guide.

[1] [https://gdpr-info.eu/art-9-gdpr/](https://gdpr-info.eu/art-9-gdpr/)

[2] [https://ico.org.uk/for-organisations/guide-to-the-general-
da...](https://ico.org.uk/for-organisations/guide-to-the-general-data-
protection-regulation-gdpr/)

~~~
richrichardsson
Yep, pretty awful. OP works for them :
[https://news.ycombinator.com/submitted?id=_Tanya_](https://news.ycombinator.com/submitted?id=_Tanya_)

~~~
robin_reala
That’s totally fine under HN guidelines.

------
lokedhs
The article begins with the following:

    
    
        "The new rules were developed in response to a dramatic
        increase in cyber attacks and are aimed at combating such
        attacks through the cooperation of state and commercial
        enterprises and organizations."
    

No, the rules are there to protect user's personal data. Not just from attacks
by external actors, but also from abuse by the companies who manage the data.

------
jve
> Meanwhile, if GDPR were in effect, Uber would be subjected to a hefty fine.
> If to be precise, up to EUR 20 million or 4% of annual turnover.

Is this true? I mean does GDPR punishes for breaches or does it punishes for
not following GDPR rules? I mean you can get hacked regardless of obeying GDPR
or not.

Alright, they could have been fined for not reporting breach - yeah.

~~~
al_ramich
Primarily the fines are for not following GDPR rules I believe. The fines are
well explained in the article below [https://www.i-scoop.eu/gdpr/gdpr-fines-
guidelines-applicatio...](https://www.i-scoop.eu/gdpr/gdpr-fines-guidelines-
application-penalties/)

------
bausshf
The title should be "GDPR: Not-so-smart Practices by someone who doesn't
understand GDPR"

