Small companies have less code and complexity but don't have internal resources specialised in law, security and web development available to fix things.
They usually also don't have the money to bring outsiders to do it for them.
> Small companies have less code and complexity but don't have internal resources specialised in law, security and web development available to fix things.
When you clamp all those things together, this sounds like a great burden. Please tell me, how these poor small businesses comply with, you know, actual laws, rules and regulations that they have to comply with? By breaking them?
GDPR for small businesses is much easier because small businesses depend on much less data, and often don't even need to collect any (much less sell it to third parties).
> When you clamp all those things together, this sounds like a great burden. Please tell me, how these poor small businesses comply with, you know, actual laws, rules and regulations that they have to comply with? By breaking them?
Most of the time they don't.
Ever wonder why food health and safety inspections discover serious issues in basically all restaurants they inspect?
It's because people owning and operating restaurants usually aren't knowledgeable enough about these topics, don't have the time or don't have the money to do things differently or all three at the same time.
Most restaurants stay in business because the inspections are generally pretty lenient (issue warnings and don't close the business down) and are also understaffed compared to the number of businesses that have to be inspected.
This is a simple example and I'm purposefully targeting a part of the law (food health and safety) that is directly linked to the core business (restaurants).
I'm not even going into issues that could be found in other areas (accounting, human resources, etc.) of said business.
Now let's try to imagine how a restaurant is going to approach GDPR compliance.
> Ever wonder why food health and safety inspections discover serious issues in basically all restaurants they inspect?
As a person whose mother has worked at restaurants for over 40 years, and whose best friends owned a restaurant for close to 20, I can tell you that those "serious issues" and "all restaurants" are FUD.
> Most restaurants stay in business because the inspections are generally pretty lenient (issue warnings and don't close the business down)
So you write this ^. And then you immediately go on to write this:
> Now let's try to imagine how a restaurant is going to approach GDPR compliance.
It will be the same: they will get it wrong the first time, get issued a warning, fix it, and carry on.
Don't forget that those poor hapless restaurants also have to deal with:
- handling money
- taxes
- accounting
- labor laws
- zoning regulations
- smoking regulations
- fire regulations
- contract laws (because they have contracts with many external parties)
And this is why your "most of the time they don't comply" is bullshit is that they do comply, most of the time. And when they don't, they get issued a warning, fix their shit, or go out of business. This is no different.
And yeah, small business (or any business for that matter) really has no business collecting my private data, and selling it to third-parties.
> As a person whose mother has worked at restaurants for over 40 years, and whose best friends owned a restaurant for close to 20, I can tell you that those "serious issues" and "all restaurants" are FUD.
"Among restaurant inspections with a total score of >80, at least one critical violation was cited in 44% of those inspections"
Now imagine which percent of restaurants would fail if we also included failures to comply in other subjects?
> It will be the same: they will get it wrong the first time, get issued a warning, fix it, and carry on.
No, they will most likely never be inspected because there are far too many businesses to control and thus will never implement or fix their practices.
> And yeah, small business (or any business for that matter) really has no business collecting my private data, and selling it to third-parties.
They have just as many rights to do it as large companies
> Now imagine which percent of restaurants would fail if we also included failures to comply in other subjects?
And your point to all this is?
> No, they will most likely never be inspected because there are far too many businesses to control and thus will never implement or fix their practices.
Funny how it's not far too many for the health inspectors, and tax agencies, and ...
> They have just as many rights to do it as large companies
Exactly: zero. Edit: that is, zero right to collect any personal data beyond what they need for the service. And definitely no right to siphon and sell it to others with reckless abandon.
Small businesses are already not able to comply with core business regulations so obviously they won't have the time and resources to comply with the GDPR compared to large companies that have specialised in-house talent and financial means to do so.
> Funny how it's not far too many for the health inspectors, and tax agencies, and ...
It absolutely is.
Taxes are basically based on people voluntarily complying because there are absolutely not enough inspectors to detect most frauds.
> Exactly: zero. Edit: that is, zero right to collect any personal data beyond what they need for the service. And definitely no right to siphon and sell it to others with reckless abandon.
That is your opinion and it doesn't match what the law allows for.
It's easier for small businesses to comply with GDPR.