> NOTE: we delete all client data when they cancel already. And we don’t do any creepy marketing.
Do you inform your users what data you're collecting, why you're collecting it, and get their consent? Are you taking proper precautions with the expanded PII data (encrypting at rest for example)? You've basically covered the requirements.
> Yet needs to be sure they don’t end up giving the company to the EU because someone over there signs up on a marketing list.
What kind of FUD are people reading...if someone voluntarily gives you their email to sign up for a list that's fine. You just need to keep that they consented to receive what they agreed to. What you can't do is use that email for crap they didn't sign up to receive. Obviously normal unbsub rules apply, which in this case says forget that someone ever signed up.
It's a reality. Literally, a 4% tithe on our revenue would literally kill us right now. Funny though you seem to know this isn't the case, having never seen our books.
Um, but now you are storing data "they own". And now you have to comply with how each member country wants you to handle that data. So yeah, you can violate the GDPR...
Do you inform your users what data you're collecting, why you're collecting it, and get their consent? Are you taking proper precautions with the expanded PII data (encrypting at rest for example)? You've basically covered the requirements.
> Yet needs to be sure they don’t end up giving the company to the EU because someone over there signs up on a marketing list.
What kind of FUD are people reading...if someone voluntarily gives you their email to sign up for a list that's fine. You just need to keep that they consented to receive what they agreed to. What you can't do is use that email for crap they didn't sign up to receive. Obviously normal unbsub rules apply, which in this case says forget that someone ever signed up.