About GDPR
GDPR does not demand ‘privacy by design’. It does, however, require ‘Data Protection by Design’. https://www.smashingmagazine.com/2018/02/gdpr-for-web-developers/
As a citizen, I feel the GDPR is a significant step forward. For a software company, this is a major pain since I think we have gotten used (at least here in Sweden) to having access to personal information everywhere. Your social security number (“personnummer”) is used almost anywhere as a primary key, from renting a pair of skis to visiting a doctor. A quick Google search can reveal whether you own a business or property, the average salary in your neighborhood, and more. This data is aggregated by private companies selling ads. From my experience, this is not the case in the USA.
This is one of the more nuanced articles about GDPR I have found. For me as an indie developer running a small business selling software without employees, there are a couple of changes, but it’s not the end of the world.
- iTunes does not allow sellers to access customers’ data. So that one is clear.
- Google Analytics. Google is certified under the EU-U.S. Privacy Shield and is GDPR compliant even though it is an American company.
- Mailing list on MailChimp; I will switch to their signup form instead of using the API. https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation
- Servers at Digital Ocean https://www.digitalocean.com/security/gdpr/
- Continue to switch over to two-factor logins everywhere.
For a larger company with employees, this is much harder. GDPR imposes stricter obligations on those processing special-category (“sensitive”) information; email addresses and IP addresses count as personal data under GDPR, but not as sensitive data.
Europe’s data protection regime stands in stark contrast to that of the U.S., which has no single overarching, cross-sector, or cross-situational data protection law. What little privacy law there is in the U.S. tends to be applicable only within particular sectors or states. The American approach also tends to view privacy as a subset of contract or property law, not as its own discipline.
In Swedish: GDPR-guiden
A simple checklist for companies.
https://www.verksamt.se/driva/gdpr-dataskyddsregler/gdpr-guiden