The data protection requirements themselves are not onerous at all. But the path to compliance is scary and complicated to anyone who isn’t a lawyer or is retaining one.
What’s needed is a “fast track” compliance package for individuals, small businesses and online communities. Something like a cookie-cutter privacy policy along with a rule book for simple applications without trackers and where all PII is personally and transparently entered, edited and extracted by the data subjects themselves, like in your example.
That’s good enough for most applications, and great for entrepreneurs to not have to think about GDPR until they have enough momentum to warrant getting lawyers.