
Ask HN: Is GDPR the end of side projects? - arisAlexis
I am reading GRPR.eu because I have a side project that is ready to launch. The site is daunting and the penalties are high. Even though there are some templates to put on the website, the general gist of it is that you need to have specifically appointed and trained Data Officers (you) that take care of them, you need to put 2FA everywhere.

Another example is "The existence of an automated decision-making system, including profiling, and information about how this system has been set up, the significance, and the consequences".

As the fines are not tiered with the number of users or how big the company is, small side projects that could potentially (doesn't matter if the probability is small) face millions of euros of fines are not worth the risk any more of making experiments.
======
bryanrasmussen
I think small side projects that will need to store personal information about
users will be ended.

------
moviuro
GDPR is not about preventing innovation, it's about basic ethics: you don't do
whatever you want with personal data.

1\. Clear opt-in for customers regarding Personal Data Manipulation that is
not necessary for your service (e.g. advertising tailoring, sending the
personal data of your customers to third-parties, etc.); don't collect data
you don't need.

2\. Notify when breached.

3\. Don't collect data you can't protect. Negligence is just as badly punished
as doing shady deals.

4\. Export/Delete my data/account button.

That's it. You may also want to anonymize logs (hide IP addresses 123.45.xx.89
for example), hash the passwords (as should always be), use HTTPS, etc.

I can give you a few more pointers if you describe your project a bit more.
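
An added example, not part of moviuro's comment: one way to apply the log-masking suggestion above, producing the 123.45.xx.89 form for every valid IPv4 address in a log line. The function names and the sample log lines are constructed for illustration; IPv6 addresses are not handled.

```python
import ipaddress
import re

# Four dot-separated digit groups that are not part of a longer dotted token
# (so a version string such as 2.10.3.1.7 is left alone).
_IPV4 = re.compile(
    r"(?<![\w.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\w|\.\d)"
)


def mask_ipv4(text, masked_octets=(2,)):
    """Replace the chosen octets (0-based) of each valid IPv4 address with 'xx'.

    The default masks the third octet, the 123.45.xx.89 form from the comment.
    """
    def _sub(match):
        try:
            ipaddress.IPv4Address(match.group(0))
        except ValueError:
            return match.group(0)  # e.g. 999.10.10.10 is not an address
        octets = list(match.groups())
        for i in masked_octets:
            octets[i] = "xx"
        return ".".join(octets)

    return _IPV4.sub(_sub, text)


def anonymize_lines(lines):
    """Yield each log line with its IPv4 addresses masked."""
    for line in lines:
        yield mask_ipv4(line)


# Constructed sample access-log lines (documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.57 - - [25/May/2018:10:00:01 +0000] "GET /login HTTP/1.1" 200 512',
    '198.51.100.4 - - [25/May/2018:10:00:02 +0000] "GET / HTTP/1.1" 200 1024 fwd=192.0.2.200',
    'worker started, build tool-2.10.3.1.7, skipped bad peer 999.10.10.10',
]

if __name__ == "__main__":
    for out in anonymize_lines(SAMPLE_LOG):
        print(out)
```

Masking more octets is a matter of passing, for example, `masked_octets=(2, 3)`; applying the mask before the line is written avoids keeping an unmasked copy on disk.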

------
entity345
As I commented previously, most of the GDPR has already been law in the EU for
years.

For most (side) projects, if not all, very little has changed.

What is happening is that people are in fact discovering the law because of
the noise around the GDPR.

------
xolorg
No

------
barry-cotter
Just geoblock the EU if you’re worried

~~~
arisAlexis
I live in it

~~~
barry-cotter
So? No one is going to give a monkey’s about your tiny side project and if
they do you can get around to doing GDPR mitigation after you’ve been
profitable enough to quit your job for a year. Then you can unblock the EU.
There are not infinite enforcement resources and the chances of anyone coming
after a tiny company are minuscule. If you geoblock the EU they’re
nonexistent.

