Hacker News
GDPR: Smart Practices (kruschecompany.com)
31 points by _Tanya_ 7 months ago | 9 comments

There's basically nothing in this article, and whatever there is, is confusing.

For example: they keep referring to "sensitive data", by which they probably mean Article 9 data [1], i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.

That's only a subset of GDPR data, and in my personal experience, rather the exception than the norm. The norm doesn't seem to be discussed at all.

The UK's ICO Guide [2] is a much better guide.

[1] https://gdpr-info.eu/art-9-gdpr/

[2] https://ico.org.uk/for-organisations/guide-to-the-general-da...

Their own "allow tracking" popup is also "illegal"; it defaults to allow.

I've seen a bunch of similar articles, and it's the lawyer approach to GDPR and data protection in general. They attack the problem from the angle that you want to continue doing what you've always been doing, while staying within the law. That's the same approach sites that just block the EU have opted for; they don't particularly care to reevaluate their usage of their users' data.

Yep, pretty awful. OP works for them: https://news.ycombinator.com/submitted?id=_Tanya_

That’s totally fine under HN guidelines.

It reads like the kind of article that was doing the rounds a year ago.

The links you've added are very good and I would include the ICO's self-assessment toolkit, which is a useful guide:


The article begins with the following:

    "The new rules were developed in response to a dramatic
    increase in cyber attacks and are aimed at combating such
    attacks through the cooperation of state and commercial
    enterprises and organizations."

No, the rules are there to protect users' personal data. Not just from attacks by external actors, but also from abuse by the companies who manage the data.

> Meanwhile, if GDPR were in effect, Uber would be subjected to a hefty fine. If to be precise, up to EUR 20 million or 4% of annual turnover.

Is this true? I mean, does GDPR punish for breaches or does it punish for not following GDPR rules? I mean, you can get hacked regardless of obeying GDPR or not.

Alright, they could have been fined for not reporting the breach - yeah.

Primarily the fines are for not following GDPR rules, I believe. The fines are well explained in the article below: https://www.i-scoop.eu/gdpr/gdpr-fines-guidelines-applicatio...

The title should be "GDPR: Not-so-smart Practices by someone who doesn't understand GDPR"
