Hacker News new | past | comments | ask | show | jobs | submit login

I know we've lost business because of it. We're a US company but a lot of our customers are gigantic multinationals and becoming fully compliant would reveal some IP that would be disasterous if it became public.



How would that happen? Companies don't have to provide all data stored about users if they have valid reasons not to do so. If certain elements could expose IP, this should be a valid reason. And most data can be reformatted to not expose any internal structures.

It's honestly the first case where I heard that and I've been working with companies to become compliant since the start of the year (many still struggle to be fully compliant). Could you elaborate a bit?


This is an interesting angle that I've never considered. I know that you likely can't talk about it but how could complying with GRPR expose IP?


I'm imagining some sort of novel data structure or schema. If a customer requested their data, you'd have to divulge the schema as well.


You are not obligated to provide the data in the way it has been structured at your company. You are obligated to provide it in a machine-readable format, and that is where the provisions end. It can be any format you want and can contain the information in any way that you like, as long as it's all there.


perhaps there's a score or some other proprietary statistic that is technically user data but is not surfaced to the user. If the score is a function of other pieces of supplied user data then perhaps they're worried about leaking a proprietary formula.

This is starting to sound a bit thin, so I'm not really sure what this guy is talking about.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: