New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: A new service called GDPR Shield made the rounds last week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with GDPR compliance. GDPR, or General Data Protection Regulation, is a new user and data privacy regulation slated to come into effect in the EU three weeks from now, on May 25, 2018.
The new regulation brings a wealth of protections to user privacy but is a nightmare for companies doing business in Europe. The reasons are plenty, but the humongous fines for failing to meet GDPR standards are at the top of the list for most companies ($24 million or 4% of a company's annual worldwide revenue -- whichever is higher). There's also the 72-hour deadline to reveal data breaches and the necessity of hiring a so-called "Data Protection Officer." Plus, GDPR also mandates that companies must inform users on what data they collected about them, allow them to review the data, and even let users delete the data from the company's servers if they so wish.
The way I see it as a European, it will mean that they were selling my data anyway, so that means they won't do that anymore. It also means they will not be able to do that for any of the other 350+MM Europeans.
This was also the intended reason for the law. It is as if Europe is saying "You are not allowed to take our data" and these websites are saying "Well, if that is the case, as punishment, we are not going to take your data."
Don't fight for your country, if your country does not fight for you.
They aren't protected AT ALL. Unless you want to try to invade the US to enforce your rules, you can call all the cops you want, file some diplomatic grievances, quote some EU law, and they will laugh at you.
EU people are always on about the US trying to police the world. Well, this is the EU trying to enforce their laws globally. We tell the Chinese to piss off and they have *real* power. The EU is a bunch of backwater corruptocrats trying to replicate the USSR who have no power whatsoever, and depend on us for both endless streams of money and for subsidizing their defense (in some cases because we don't trust them to have any power themselves, Germany being a repeat offender). You have NO control and the people that are currently paying their fines are doing it semi-voluntarily - it's extortion and designed to be.
If push comes to shove, US companies will tell you to piss off and there's not one damn thing you can do about it.
Thing is, that "letter from GDPR hell" would take less than ten minutes for a mom and pop to complete accurately, _if_ the organisation is in compliance with _current_ law.
Of course, if the organisation isn't currently in compliance with the law.
For most companies, especially small "mom and pop" stores, GDPR compliance is trivial.
All you need to do is:
* Store no more data than you need
* Decent password encryption
* Have a data deletion policy
* Don't send marketing emails to anyone that you can't prove agreed to receive them (basically log ticking an opt-in box)
* Designate someone to be responsible for replying to data requests
If you'd rather pay for a service to block EU users than fulfill that, I don't want you having my data. The companies that it's expensive for are the ones that have large amounts of user data, your Facebook, Google etc.