In another week the GDPR, or the General Data Protection Regulation will become enforceable and it appears that unlike any other law to date this particular one has the interesting side effect of causing mass hysteria in the otherwise rational tech sector.
This post is an attempt to calm the nerves of those that feel that the(ir) world is about to come to an end, the important first principle when it comes to dealing with any laws, including this one is Don’t Panic. I’m aiming this post squarely at the owners of SME’s that are active on the world wide web and that feel overwhelmed by this development. A bit of background about myself: I’ve been involved in the M&A scene for about a decade, do technical due diligence for a living (together with a team of 8). This practice and my feeling that the battle for privacy on the web is one worth winning which has led me to study online privacy in some detail puts me in an excellent position to see the impact of this legislation first hand as well as how companies tend to deal with it.
The GDRP is not nearly as draconian or complex as people are scared into believing (mostly by people who conveniently also sell GDRP compliance services). Over the past few weeks and months, I’ve translated countless internal and external corporate documents about the GDPR from companies both big and small, for all kinds of sectors, many of which you know, and none of them are freaking out and none of them find this particularly difficult or complicated. Even a legal simpleton like me understands it just fine, and all I need to do is translate texts about it.