this post was submitted on 03 Apr 2025
168 points (99.4% liked)
Europe
5184 readers
1355 users here now
News and information from Europe 🇪🇺
(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)
Rules (2024-08-30)
- This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
- No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
- Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
- No bigotry, sexism, racism, antisemitism, dehumanization of minorities, or glorification of National Socialism.
- Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
- If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
- Light-hearted content, memes, and posts about your European everyday belong in [email protected]. (They're cool, you should subscribe there too!)
- Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
- No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)
(This list may get expanded when necessary.)
We will use some leeway to decide whether to remove a comment.
If need be, there are also bans: 3 days for lighter offenses, 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.
If you want to protest a removal or ban, feel free to write privately to the mods: @[email protected], @[email protected], or @[email protected].
founded 9 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It is not trivial, the existence of you job makes that self-evident. If it was trivial companies wouldn't need a DPO, would they? I would love to see you walk up to your employer and tell them that your job is trivial and anyone can do it...
You might not see this yourself, but the fact that even a small company needs a DPO in order to interpret data protection regulation IS the problem! But I am sure you are not complaining... It needs to be simplified so a small company can be GDPR compliant without requiring a DPO.
This problem is recognized in the report from the EU commission linked in the article, which is why they are acting.
The fact that small startups cannot even take off because they cannot afford to hiring the bureaucrats required to interpret and be compliant with regulation is a massive problem and one of the reasons Europe's economy is stagnating. It is not about exploiting personal data, it is about the cost of bureaucracy killing European startups in their infancy.
Again, as someone who performs the job, I'm telling you: It's trivial. Come on, don't try to somehow 'reason' that away, that's just silly. Many jobs are trivial, many jobs need to be done. Mine needs to be done because it's mandated, not because it's hard. And I could, in fact, walk up to my employer and tell them that it's trivial because they would understand - both my boss and I took the same one-day course to become certified.
Again, I don't know what you think the workload entails, but if you want more specifics I can tell you that my position as a DPO takes up less than 5% of my time and most of that falls to preparing the yearly internal employee training course and the rest is basically automated. It's not some kind of full time profession unless you have a gigantic corporation or literally run a legal business offering external DPO services. Compare it to the position of something like a medical first responder, if that exists where you live.
In fact, I'm going to do you a solid now and break down the certification course: If you handle personal data, write down where it is and who does what with it. Don't ask for personal data that you don't need to perform your function, don't share personal data with third parties, delete all personal data the moment you don't need it any more. There, GDRP-compliance for the vast majority of businesses in just one paragraph.
It truly is very, very trivial - as is the whole GDPR main text, for that matter. It's well structured and uses simple wording.
Ah yes, the Draghi report. "Europe must invest twice as much as it did rebuilding after World War II, allow more tech and telecoms companies to merge and take drastic measures on defense spending"
If you'll have another look at the article, that's part of the massive industry lobbying effort that they're referring to.
I don't know how else to put this, but this is just not a real problem. I'm reluctant to outright call it a fiction, because there might always be information that I'm missing, but as someone who has worked in the field for about 3 years now I've never come across internal or external reports of businesses who could not afford GDPR compliance. Again, that would be silly, that's like complaining about building code because you have to spend a pittance on fire extinguishers.