The GDPR - Confusing - Ambiguous - My thoughts
Posted by: Admin on 14th May 2018 05:35:15.
Some of my thoughts and observations on the GDPR
The GDPR is confusing and ambiguous, and if you look around the internet everybody has different opinions on what it means, what is covered and how you comply with it. The interesting thing is that they state that you must give clear and easily understandable details of your policy to your visitors, but the GDPR itself is neither clear nor understandable.
Now what about the spammers, scammers and phishers? They hold your personal data, your email addresses and names etc. Surely they have to have a privacy statement and have to 'forget' you if you ask them to? How do you get that enforced? What are the GDPR authorities going to do to prosecute them? If there are rules for legitimate businesses then they must be applied to them too.
Now there are many sites on the internet stating that there are new Cookie laws within the GDPR that supersede the 2011 Cookie Legislation, reversing the implied acceptance that was agreed as the acceptable method, as it was decided then that explicit acceptance was not practical. If it was not practical then, then surely it is not practical now. These sites are stating that you have to get visitors to accept each type of cookie (Required, Marketing, Analytical and Personalisation), and if they do not accept then you must prevent your site from writing those cookies. Well, that is going to cause major issues for the many so-called Web Developers out there that call themselves web developers but cannot write a line of code to save their lives, and just use software like Mobirise, WebPlus and WordPress to create sites for clients, unable to do anything other than what the software does for them. There are going to be a lot of clients that find themselves in hot water.
The sites that say these are requirements of the GDPR (although I cannot see anything in the GDPR that confirms this, but perhaps I am misreading these confusing regulations) are also saying that you must record the details of everyone that accepted the cookies. That rather defeats the object of the GDPR, as it means that you have to store visitors' personal data that you wouldn't otherwise have stored, so it is forcing you to save personal data unnecessarily. Not only that, but the cookie is stored on their PC, so if they do not visit your site ever again, how can you remove it?
There are many factors of the GDPR that, IMO, are both impractical and impossible to manage if the above really do apply.
In addition, there are many scaremongers out there that are convincing people to pay them monthly fees to install systems to comply with the GDPR, and blowing up the regulations into much more than what they really are, just to get some of your hard-earned cash.
Whilst I agree that it is important to protect people's personal information, and I always do that as a matter of course, like most others do, I feel that the GDPR is far too complicated and some of it is impractical to manage. The EU makes it more and more difficult for businesses, especially small ones, to be able to succeed with so much red tape and complicated regulations.
The GDPR, IMO, needs to be re-written in plain English (or your language) that is easy to understand and therefore easier to comply with.
OK, that's my rant over, no doubt I will follow it up with some more observations later.