cross-posted from: https://lemmy.zip/post/52834195
“If adopted, these amendments would not simplify compliance but hollow out the GDPR’s and ePrivacy’s core guarantees: purpose limitation, accountability, and independent oversight,” Itxaso Dominguez de Olazabal, from the European Digital Rights group, told EUobserver.
The draft includes adjustments to what is considered “personal data,” a key component of the GDPR and protected by Article 8 of the Charter of Fundamental Rights of the European Union.
Yyeeaa as if these small companies are the ones that yelled in favor of this. The lady at my local grocery shop always told me how it would be easier for her to do her job if this change in GDPR made it through…
It actually is a problem for small businesses, especially start ups. Not agreeing with the approach but the GDPR law is extremely complicated to find your way around - talking from experience. Support the idea, implementation could be better.
well yeah in my personal environment, the people i talk to IRL, lots of people complain about the supposedly overly-strict GDPR rules and about the fact that it makes management quite a bit more challenging, because they have to be careful about what information to put/share where. Like, even if you make a public google sheets document as a calendar for a small company/school where a group of people can enter their email addresses, that’s already a GDPR violation, because personal data becomes accessible by other people. As a result, you theoretically would need very elaborate custom-forms, where only you can enter information but nobody else can see it. It’s a hell of a lot of work, IMHO. So yeah, people have semi-meaningfully complained about it.
Yeah, that’s not it.
There’s this thing known as consent and purpose. For a GDPR violation, you need to lack either.
When your job has a noticeboard of names, emails and birthdays, they probably got your consent to post it up there. They didn’t get consent to post it onto Facebook.
Yeah, sharing a photo can be a GDPR violation. Because you need to prevent unneccessary processing of data. Like what Facebook does. That’s why most places require you to sign a waiver to allow photos and similar stuff being posted online.
It can be a lot of work. But so is writing a contract. You can’t just do some stuff willy-nilly, and for a good reason.
That being said, the GDPR is mostly unenforced. What it means in practice is “don’t ask, don’t tell”. Meaning, if you keep the info you do have under wraps, you should be fine. Just don’t go whoring your customers’/employees’ info out to your 18 356 “data partners”. Bonus points for having an “Accept All” and “More Options” button, but no “Reject All”.
1st prize for those whose “Reject All” doesn’t encompass “legitimate interest”.
What. Google forms exist. It’s really not that difficult. And also, you can just have them agree to share their emails with each other??