
If your business model does not allow for properly dealing with the information it collects, you shouldn't be in business in the first place.


The issue isn't the business model, it's the size. For a large company, handling GDPR is trivial. For a startup or small company, the cost is prohibitively high.

I'm not arguing for or against it, just pointing out that the resulting unintended consequence is protecting large companies. Exactly the opposite of the original intent.


> For a startup or small company, the cost is prohibitively high.

Nonsense. I look at another high tech data driven start-up every week and not a single one has stated that the GDPR costs are 'prohibitively high'. Sure, there are some that need to do more work than others (medical, ad tech). But on the whole, companies that were already doing their best to not fuck up with their customers' data have very little to do in order to get to where they should be, and the remainder has a bit more work but will most likely be more-or-less compliant by the 25th, and what work remains will be done long before the eye of Sauron turns their way by virtue of their size.

The cost is strongly related to the size of the organization and the amount of sensitive data you hold as well as whether or not you were a bad steward of the data in the past.


I'd go as far as saying that if you responsibly handled data before GDPR, what you have to do to be GDPR compliant is document the process and make it possible to delete data upon request.


> The cost is strongly related to the size of the organization

There is a correlation between the number of GB you store and e.g. how many DPOs you require?


No.


I actually think it's entirely the other way round.

A small business or a startup should have a relatively limited amount of data capture, and that data should be stored in a relatively limited number of places. In most cases, it should be straightforward to make sure that this is documented and appropriate controls are in place.

On the other hand, large companies have vast quantities of uncontrolled data gathering that nobody is responsible for.


Spot on. The biggest problem cases are hospitals, banks, insurance companies, airlines and - funny enough - governments. They all hold mountains of data and the systems are old and in many cases no longer maintained by anybody that was there when the system was first created.


People keep saying this, but I flat out don't believe it.


Suit yourself. But as mentioned elsewhere, the equivalent of GDPR has been law in Germany for over a decade, and small businesses have had no problem complying.


I meant I don't believe that it's going to be anywhere near as much of a burden to implement or comply. I guess I responded to the wrong person?


Is a single person running an app as a hobby a business?

If I want to put an open source app in the App Store, that’s not a business model for me. It’s more just personal expression.


> If I want to put an open source app in the App Store, that’s not a business model for me. It’s more just personal expression.

Try convincing a regulator of that.

But it doesn't matter, you're still logging PII. GDPR doesn't make any distinction of profit vs. non-profit vs. personal ownership. You're as liable as an individual as an organization.


Your personal expression is writing the open source software and putting it on GitHub. However, once you make it available as a service, you should be responsible for it.



