How to deal with new EU regulations? Barrer of entry considerations

[gileneusz]

Hi, as many other new 'fastlane newbies' I started to create my own social network website, or something kind of like that. I know it's nothing hi-innovative and has been done many times and so on. But however I want to make it better, and it seems that my current project stage is better than any competition layout/structure currently on my country (Poland) market.

And now: BAM! New regulations on collecting personal data is introduced in European Union (General Data Protection Regulation - Wikipedia).

How should I interpret it as a newbie on internet market? According to MF, internet is the best "marketing machine" to start any bussines. It does not need any down payment to start a website, you can learn how to code yourself and you've got access to the whole world wide web. Countless number of clients and so on.

You know what... not exactly - and this regulation will make any small business not profitable in European Union. In my opinion it's a lot harder to make it, if you need to meet so many regulation to secure private personal data and it's a lot harder comparing to big players that are currently on market. They have money to deal with these regulations, to hire a team of people that will make secure software, lawers to write long policies, expensive audits and so on. When you start your own company, you are probably broke, without money to pay all these people to secure your website.

What's your opinion?

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Ritchie]

GDPR has these major differences as opposed to the current laws:

Clear consent
Companies must communicate clearly what data they collect, and for what purposes. They may no longer rely only on elaborate legislative texts (Terms & Agreements) that nobody reads.

Hacks and leaks
It becomes mandatory to report hacks and leaking of data to both the authorities as customers, within 72 hours.

Right to access
This has always been a right, in my country at least. I may ask what data you collected about me and you will have to answer to that.

Transferable data
I may ask for my data that you collected, and use this in any shape or form in my own systems or however else I like.
Right to be forgotten
All data that is no longer necessary for your core service has to be deleted per the consumer's request.

Privacy by design
This one I don't completely understand myself, but from what I take out of it, all companies that process data have to develop their systems and websites with privacy as top priority.

Data protection officer
Doesn't apply to most of us. All companies with more than 250 employees must have a dedicated person whose only task is privacy and monitoring internet safety.

---

Personally I don't think that these changes are as big as they are being presented. But I'm still in favour of this step. Trust is big selling point for users, hence beneficial for companies that supports it. If I had a cent for every time I heard someone say that they'd dump Facebook if there was an alternative that respects data and privacy (preferably through a paid subscription), I'd probably have €9,53 right now.

 

[gileneusz]

GDPR has these major differences as opposed to the current laws:

Clear consent
Companies must communicate clearly what data they collect, and for what purposes. They may no longer rely only on elaborate legislative texts (Terms & Agreements) that nobody reads.

Hacks and leaks
It becomes mandatory to report hacks and leaking of data to both the authorities as customers, within 72 hours.

Right to access
This has always been a right, in my country at least. I may ask what data you collected about me and you will have to answer to that.

Transferable data
I may ask for my data that you collected, and use this in any shape or form in my own systems or however else I like.
Right to be forgotten
All data that is no longer necessary for your core service has to be deleted per the consumer's request.

Privacy by design
This one I don't completely understand myself, but from what I take out of it, all companies that process data have to develop their systems and websites with privacy as top priority.

Data protection officer
Doesn't apply to most of us. All companies with more than 250 employees must have a dedicated person whose only task is privacy and monitoring internet safety.

---

Personally I don't think that these changes are as big as they are being presented. But I'm still in favour of this step. Trust is big selling point for users, hence beneficial for companies that supports it. If I had a cent for every time I heard someone say that they'd dump Facebook if there was an alternative that respects data and privacy (preferably through a paid subscription), I'd probably have €9,53 right now.

thanks for this summary, maybe it's not as bad as many people see it, but this asymetry on any startup profit vs possible penalties freaks me out...

 

[becks22]

I have had like 8 new contracts sent to me this week for the GDPR. Compliance is a major issue with me. Watching thread carefully. I've temporary stopped my marketing to the EU until I learn more about it.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[gileneusz]

UE is a cancer. BTW, it's quite funny that in this forum - there is a lot o discussion about theory, event-driven topic. Not so much about execution and real problems like this...

 

[zeema n]

UE is a cancer.

I cannot agree more to such statement.