Seth Mattinen wrote on 26/05/2018 08:41:
Good luck getting multiple millions worth of fines out of small businesses that never even touch a million a year in revenue, let alone the added expenses of trying to do all the crap GDPR thinks everyone can suddenly afford out of nowhere.
You can put the straw man away - Europe isn't the US. No Data Protection Authority in Europe is going to sue a mom & pop business in the US for millions because they haven't clarified their cookies policy. The upper limits of the fines are aimed at the robber barons of the world.
The DPAs in Europe are for the most part lawsuit-averse and engage with companies to build alignment rather than taking the punitive approach and liberally dishing out lawsuits and fines. The emphasis on GDPR compliance is aiming at reasonable steps rather than pretending that every organisation is going to end up redesigning their entire existence around GDPR on may 25.
Nick
