Hacker News new | comments | show | ask | jobs | submit login
Ask HN: Business opportunities for GDPR
5 points by a_imho 10 months ago | hide | past | web | favorite | 4 comments
GDPR[1] is less than six months away from being enforceable. What are some (technology) businesses that could spring from it coming into effect?


The legislation is largely consent driven. I.e. companies will still be able to do whatever they want but it'll require quite granular user consent.

I expect that there will be a rush to re-obtain consent from users in the last few months before GDPR kicks in. Look to Google for how this is done well.

IMO, it'll be good for the "preference center" applications and there will be an expansion in business for them. It'll be very good for consultancies on two fronts:

1. Compliance.

2. Data science - Namely, how to organise a DS operation around aggregated as opposed to personalisable data.

I'm interested in that myself and would love to specialise in that area.

I guess, first of all, it depends on how serious companies will take the regulation and how strict it will be enforced by the regulator. Will we see headlines about penalties next year?

I expect consulting need for DevOps/security/law. Companies that already help out with HIPAA and the like are probably in the best position.

Speaking from experience -- GDPR is a huge issue basically for everyone in the Financial sector (banks, insurance, etc.) and projects to address that started two years or one year ago. Now they are usually rolling their solution into production.

Our company is doing several GDPR consulting projects, with final delivery date around March. The interest from the companies on GDPR consulting has really decreased in the past months.

As an individual, you may consider a DPO (Data Protection Officer) role for several companies -- these are usually too small to have a dedicated person, but they need it according to GDPR. No formal education or certificates required, however you do need to know the law and technical things on a reasonable level.

it depends on how serious companies will take the regulation and how strict it will be enforced by the regulator

Indeed, hopefully it won't be another cookie law, this time notifying users they need to forfeit their rights granted by the GDPR to access the site.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact