
The answer every single time is:

A) You are using personal data in good faith as part of and don't need a lawyer. Just reply. I work for an organisation at the larger end of the SME scale and won't be using a lawyer. Like I don't use a lawyer for routine contractual disputes like debt collection until the debtor refuses to pay.

B) You are walking a fine line and relying on the exact wording rather than the spirit of the law. You are not acting in good faith and trying to make money out of customer data. You need a consultancy firm and lawyers and you won't get any sympathy from me.

I'm not sure whether you are serious or this continues your repeated anti-EU comments on HN, Silhouette. I find it OT and I hope the moderators do too.



Option C is that the letter was written in bad faith, and the sender intends to "rely on the exact wording rather than the spirit of the law" in order to get me in legal trouble.


That's why the regulator can, must and will exercise judgement. They can't sue you for $bignum after getting your response, they can point the regulator towards you and claim that they've been abused, but if they are the abuser, then that's not going to fly.


Being the target of a government investigation is in and of itself an expensive process. You have to spend a bunch of time preparing your side of the story in exacting detail. You probably need to put a freeze on any changes which might make the regulator think you're trying to cover up previous misconduct.

And of course, if people find out you're under investigation, a lot of people are going to just assume you did something wrong. You won't be able to fix that no matter what the regulators conclude.


I'm not sure whether you are serious or this continues your repeated anti-EU comments on HN, Silhouette.

To the extent that I am anti-EU in some respects, particularly around the areas of small businesses and excessive regulation, that is born of experience. As I have mentioned in previous comments, which apparently you might have seen, I have been on the wrong side of EU rules being over-zealously applied before, and I have been on the wrong side of a government regulator that is for most practical purposes above the law making a mistake before. Some things that some commenters tend to dismiss as hypothetical, I know from direct personal experience to be real threats, and I will challenge bad laws that allow scope for such threats to exist.

I find it OT and I hope the moderators do too.

I'm sorry that you feel censorship is a useful response to someone with different experience and views to your own. I like to think that HN is a forum where people can discuss such differences of opinion openly and intelligently.


>I know from direct personal experience to be real threats

Access Controls, Data Classifications, and Privacy Impact Assessments requested by GDPR are not a threat.

That’s just security 101 basics.


No, the threat is having rules that are ambiguous and subject to interpretation by regulators with the power to at minimum cause serious disruption through a formal audit and at maximum impose fines that pose an existential threat to a small business.

And as I said elsewhere, if you think that threat is imaginary, please look at how many different national tax authorities have started large numbers of incorrect claims procedures against small businesses who had done nothing wrong just because the officials made mistakes with the new VAT rules and got their own records in a mess.


I'm pretty sure that most side businesses and microSaaS developers don't even know these terms.



