I have a few products on AWS marketplace. My biggest complaint with AWS is that there is 0 visibility into conversion metrics as a publisher. You don't know how many times your listing appeared in search, who clicked on it but didn't signup etc. AWS shows ref tag reports, but they only tell you how much traffic you drove to the listing.
Also, optimizing search ranking for your product is hit-and-miss, with no clear guidelines or tips.
Serious question: What are the odds of someone offical even noticing that you are in violation of GDPR? It's not like they'll enforce GDPR and collect $7.89 in fines from small businesses.
A good question. But that’s not how these things work. The law has to be self enforced or it’s useless - since as you say, how will small to medium businesses ever be caught violating?
Megacorps comply because of mega fines.
Small business comply because their owners or future buyers are a larger Corp who fears that their sub-subsidiary might be in violation, causing a future mega fine.
So small businesses who care about the value of their company follow these rules. It’s almost exactly the same reason small business buy software licenses. It’s not of fear of fines but because otherwise they don’t look like a serious company.
I question I have been wondering is how many companies will leave some violations such as data in backups - simply because removing it is too expensive so it’s a risk worth taking. I honestly haven’t understood how backup of data fits into the requirement to delete data of a certain age?
GDPR has the concept of backups and their expiration windows covered.
I'll pick an example from my work. Data can be deleted from the active set, at which point it takes extra effort to retrieve it. (If you can't SELECT it anymore from the warm slaves, it's gone.) But as long as you can make a point-in-time-recovery from your backups, the data is still present in the inactive set. Using the inactive set requires, by definition, extra effort.
So you need to state that fact in the data protection/retention policy, AND put reasonable technical enforcement mechanisms ("controls") in place to ensure that backups are expired and fully deleted after a given retention period. The older your unexpired backups get, the less valuable they should become.
What are the odds of someone offical even noticing that you are in violation of GDPR?
Plenty of ordinary people will be actively looking for opportunities to file GDPR complaints. I know I will. This is a crusade. Taking the Internet back from adtech.
It depends, for example a local restaurant mini-chain has been doing some spamming and refused to take me off their list, so if I get a single message from them after May 26th, I'll definitely file a complaint. From the consumers perspective, the main GDPR effect is that things that previously were scummy but legal have now become forbidden, and some of the things that have been forbidden but not enforced now have an enforcement mechanism with teeth to make it happen.
Owning a US LLC as a non-resident can be complicated; it depends on a variety of circumstances regarding what you do, how your business interacts with the US market, whether you are a US citizen, where you live, etc. You may wish to speak to an accountant.
I'd love your feedback on my side project. My goal with screenshotapp is to make it easy to visually monitor any site or webapp for changes across browsers and different resolutions.
You're not alone. I have had similar experience as an outsider on bunch of other similar sites as well. My submissions are "Pending Approval" for over a year. No reply to tweets or emails, when clearly new sites from SF are approved daily / weekly.
Also, optimizing search ranking for your product is hit-and-miss, with no clear guidelines or tips.