
did that $250 include an audit to verify that you are actually in compliance?


Are you compliant with the copyright laws in your company? Are you sure you have licenses for all the software you use? Have you audited the software you write to ensure that none of the programmers have included code without an appropriate license? How about patents? Are you sure that the software you write does not infringe on patents somewhere? There are people who will happily audit your company in exchange for a truckload of money... For some reason, most people don't think this is necessary.

Your risk in GDPR is similar to your risk in IP law. If you don't comply with the law and someone calls you on it, you might have legal proceedings against you. In most cases it's pretty obvious if you are compliant with the law. (Well, to be fair, it's completely unobvious if you are going to get randomly sued for patent infringement, but I digress...) If you have a very complex situation, then maybe it is worth some legal advice, but it's pretty freaking obvious if you need the data you have collected in order to fulfil the contract or not.


There is no such thing as a GDPR audit.

Anybody that tries to sell you one is full of it.


How could this possibly be true?

You claim to know a lot about the GDPR, I’m not sure my business is compliant. Can you take a look and tell me?

What’s that called if not an audit?


An audit without certification will never give you anything that you could not have come up with yourself. So feel free to buy a GDPR audit but realize that you are just buying an opinion.


In the USA, the word "audit" is used to describe any process by which a company tries to determine if it's in compliance with some set of rules. Sometimes that process has special legal consequences, but it usually doesn't. The final deliverable is often literally called an opinion.

No lawyer or accountant has ever given me anything that I couldn't have come up with myself, with sufficient study. I still paid them, because the law is very complex and I have other things to do with my time. That's how any country with a nontrivial legal system works.

You seem to have great confidence that you understand how the GDPR will be enforced. I'd suggest that:

1. Not everyone knows as much about EU law as you do. This is especially true for people who don't live in the EU.

2. You might be wrong. Maybe GDPR compliance really is dead simple, and the lawyers who keep answering "it depends" are just cheating their clients; but from my experience in complying with similarly complex regulations, I wouldn't bet 20M EUR that's the case.



