
> Every single company on that list deserved to die.

Hi, I'm Brent Ozar, the cofounder of the first company in the list. (Ah, the joys of alphabetical sorting.)

I've written a big long post[1] about why we stopped selling to the EU, but here's the short story: the EU only represented 5% of our revenue, and for that small of revenue, I wasn't prepared to risk the GDPR's fines if any one of the third party tools we use had a problem.

During our GDPR prep with our attorneys, it was completely clear that the third party app ecosystem was in no way ready for GDPR enforcement actions. For example, we use WordPress and WooCommerce to sell online training classes. I'm a database administrator, and I know dang well that WP and WC aren't encrypting student data at rest, nor do they encrypt the other fields where people put student data - let alone how some of the plugins handle student data by storing it in the posts table, which was never designed to handle that kind of thing. If I had to face EU officials, I could never say with a straight face, "Oh yes, I was completely confident in WordPress's abilities to keep customer data secure."

I have confidence that someday, apps like WP and WC will have a better GDPR compliance story that doesn't just meet the bare letter of the law, but also the spirit. When they do, I'll be all about selling to the EU.

I'm doing the preparations that I can - for example, we've got a Privacy Policy that lays out our interactions with other partners, and lets EU folks request their data & delete it.

However, this is just the life of a small bootstrapped business: sometimes, you gotta make choices to focus on your best customers. 5% of my customers were threatening me with regulatory action that might result in huge fines if I let a ball drop. Unfortunately, I only have so many hours in the day. If I have the choice between doing regulatory paperwork for 5% of my customers, versus adding more value for 95% of my customers, I gotta make the obvious choice.

[1] https://www.brentozar.com/archive/2017/12/gdpr-stopped-selli...
