Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance (bleepingcomputer.com)

Posted by msmash on from the how-about-that dept.

Catalin Cimpanu, reporting for BleepingComputer: A new service called GDPR Shield made the rounds last week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with GDPR compliance. GDPR, or General Data Protection Regulation, is a new user and data privacy regulation slated to come into effect in the EU three weeks from now, on May 25, 2018.

The new regulation brings a wealth of protections to user privacy but is a nightmare for companies doing business in Europe. The reasons are plenty, but the humongous fines for failing to meet GDPR standards are at the top of the list for most companies ($24 million or 4% of a company's annual worldwide revenue -- whichever is higher). There's also the 72-hour deadline to reveal data breaches and the necessity of hiring a so-called "Data Protection Officer." Plus, GDPR also mandates that companies must inform users on what data they collected about them, allow them to review the data, and even let users delete the data from the company's servers if they so wish.

6 of 553 comments (clear)

  1. Nothing "new" here by Dorianny · · Score: 5, Insightful

    geofencing is not exactly a new concept. At least it finally is being used for good (privacy protection) rather then for evil (arbitrary geographical media blocking)

    1. Re:Nothing "new" here by OzPeter · · Score: 5, Insightful

      for good (privacy protection)

      Good is rather relative here: it's purpose here is evading privacy protection.

      It's not so much as evading privacy restrictions as locking out users for which privacy protections have been mandated.

      If anything you could use it as an indication to ether do or refuse to do business with a company based on what side of the GDPR fence you want to be.

      --
      I am Slashdot. Are you Slashdot as well?
  2. Re:Thousands, try millions. by FictionPimp · · Score: 5, Informative

    We didn't find much trouble in compliance. Sure we had to write a few policies and work out a procedure for exporting and deleting data from our systems. We did not spend even 25k in work to pull this off. It was fairly trivial for companies that don't make a product out of consumers.

  3. Good by houghi · · Score: 5, Interesting

    The way I see it as a European, it will mean that they where selling my data anyway, so that means they won't do that anymore. It also means they will not be able to do that for any of the other 350+MM Europeans.

    This was also the intended reason for the law. It is as if Europe is saying "You are not allowed to take our data" and these websites are saying "Well, if that is the case, as punishment, we are not going to take your data."

    --
    Don't fight for your country, if your country does not fight for you.
  4. Re:EU needs to be careful... by religionofpeas · · Score: 5, Insightful

    As a EU resident, I don't mind if companies are choosing to block EU if they can't comply with privacy rules. I'd rather not do business with those companies.

  5. Let me correct some details on the GDPR by Qbertino · · Score: 5, Informative

    Disclaimer: I've worked myself into GDPR details to shape my employer up for it.

    GP is a little off on some details.

    You have to *name* a Data Protectoin Officer. This can be anybody empowered to check compliance. Usually this is done by some administrative or IT specialist. Germany has had this for decades. No need for an extra hire.

    You don't have to spend thousands or millions. You just need to have a proper setup and due diligence in place. The new thing is that you need to document procedures in a standardized manner. The big difference between the law that come in on 25.4.2018 is that someone could only sue you if he was damaged and only if he could prove a data breach of critical personal data. The fines up to this point also were laughable.

    Now anyone involved, including customers, can ask how data is handled and the authorities and others have the right to review documentation of your SOPs for data protection. Also you're in for big trouble with massive fines (up to 4% of global anual revenue) if you're careless with data and aren't willing to comply with the GDPR.

    In short: If you have your IT in order GDPR compliance isn't that much of a big deal.
    Documentation is, but compliance is not.

    If however your IT is shit, then you're in for trouble if they come for you. Big time.
    Since they *will* eventually come for you *and* most companies (online *and* brick and mortar) IT setups are somewhere between disorganized shite and abysmal, companies would rather opt out than go through the hassle of complying. Which means only companies with proper procedures and due diligence in their IT will remain doing business in the EU. ... Can't really complain about that actually.

    Thus endeth some real-world details on GDPR.
    You're welcome.

    --
    We suffer more in our imagination than in reality. - Seneca