I mean, at our company, GDPR requests have to cost at least $50 a pop. It goes to a human team to review and process with a dedicated legal representative.
Yes, we should. But there are a few too many systems, and we add and drop systems with such regularity that it would still be a non-stop engineering challenge.
> stop collecting
For the few records we do return as part of GDPR requests, they are usually associated with customer and billing data. I don't know how you run a business without that.
> EU citizens won't have such a fee.
They do, and it's collected in the cost of higher product costs.
Very fair point, and I understand the necessity of data collection in some cases. I do feel like that's a cost that's incurred voluntarily, though, and shouldn't fall on the shoulders of users/customers. Some people might not want data to be collected to begin with, so the cost ends up being your company's fault and not theirs.
Yeah, that's definitely the case and I see where the hassle is, but to restate my point, those costs are simply a part of overhead and not the business of users. Unless the users are given an opt-out first and foremost, they're owed ownership over their personal data.
Again, the language of the proposed bill is requiring 2 free requests per person.
$100 for an occasional person? No biggie.
Potentially infinite? That's a bit more than normal overhead.
While we haven't seen this sort of DDoS attack through our GDPR process yet, the potential is already there if bad actors or competitors wanted to exploit it.