As a start-up, you do what you need to do, and probably skirt the laws in some areas (I do anyway).
We can't get to full compliance, and in the timeframe with the workload we're working with, we didn't send out a message to all of our users asking them to reconfirm that we can email them.
That's just a hassle I don't think is worthwhile at this stage. So, we're risking it. Are we going to get a $4m fine for this? No. Did we ever implement the cookie law, which, because we are an embed, would create a brutal UI and result in some of our customers having multiple "accept cookie" messages on a single page? No, we said screw it, it's a stupid law.
If we listened to every stupid law on the books, nobody would have any fun.
BUT, in my opinion, we work within the objective of the law. The law is about protecting users' private data. That is a good thing. Due to GDPR, we are taking extra steps to protect user data, and making it easier for users to delete their data. We have had to create Data Processing Agreements for our customers.
Take a look at the law, see what you can implement, understand why the EU has implemented the law as they have, and get as close to legal as you can.
Every start-up is making trade-offs. Just because this is a big-bad LAW, does that mean it should get all the attention and that your customers should suffer while you implement?
Weigh the odds and get to work. If this kills a start-up, I suspect it is because the start-up gave up or needed to act shady.
This is definitely doable for a one-man start-up with no lawyer.
Just like Terms of Use, take a look at what others are doing, and then copy what works for you and your business.