
> As a tech manager for an EU company, I can honestly say that it isn’t that hard to be GDPR compliant

It's pretty easy for a business to be GDPR compliant unless their business model or processes in some way involve collecting and processing or selling personal data of their users. Before GDPR a lot of businesses used this as a nice little second income stream, or just grew used to being able to freely analyze every aspect of their users' private data that they could get a hold of. Suddenly they can't do this anymore, and what's actually difficult is not being compliant with GDPR, it's reconciling their business to a new way of working where they have to be considerate of their users' right to privacy.

For example, you have a deeply entrenched analytics system that you base a lot of your decisions on. Suddenly you have to basically gut it, or even throw it out entirely. No matter that there are plenty of GDPR compliant systems to replace it, they don't feel as effective and it's easy to see why a business would make these changes begrudgingly and with a lot of complaining about how unfair it all is.



That looks to me as though the system is working exactly as intended. When I do business with company 'A' I do not expect or consent to them passing that data on to company 'B'.


That’s the point I’m making though. The law isn’t a problem. It’s companies who abused user data that’s the problem.

It’s also worth noting that you can still use customer data for analytics under GDPR. GDPR doesn’t prevent legitimate analytics from happening. It just gives consumers power to be excluded from analytics and to force companies to be transparent about their usage of personal data.


> Suddenly you have to basically gut it, or even throw it out entirely.

Good.



