
FWIW I recently attempted to translate literally the entirety of the GDPR into Plain English (albeit for a technical audience). It's at:

https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

In general I think legislatures putting out goals/guidelines instead of detailed specifications is a feature not a bug. Tech moves faster than they can possibly keep up with and to call out things down to the patchnote level just isn't feasible.

Try to think of it more like: "jury of your peers". If a dozen fellow sysadmins / devops / programmers would consider what you're doing to be reasonable then you're probably ok.

One big caveat to that with GDPR is that the legislature is very purposefully pushing for what many would consider fairly innocuous "personal data" to be treated more like how many developers today would treat something like credit card numbers or banking info, including PINs and passwords.

If the format/style of the article feels familiar to you, it's probably because you read "AWS in Plain English" which I also wrote and which periodically blows up on HN.




I'll second Michael's page, he has definitely provided a useful starting point.

The law itself is not written for engineers as an audience. Not even for non-specialist-data-protection-lawyers as an audience.

That said, as an engineer, I found a book targeted to non-specialist lawyers to be enormously helpful: Peter Carey's _Data Protection: A Practical Guide to UK and EU Law_: https://www.amazon.com/gp/product/B00VU5XJHK/ref=oh_aui_sear....

It's not cheap, but if understanding GDPR is a professional concern, consider it a resource for explaining the history and motivation for the requirements that Michael extracts.

In the wake of the data protection issues we're having here in the US, I would love to have a GDPR-influenced regime.

And for small business, it mostly just means: be careful and respectful of people's personal data, which can be done without it being a burden.


Nice summary, I liked the "plain English" format, I enjoyed reading it.

You might want to put a disclaimer in your blog post that this is not legal advice.


I wish I could upvote this a lot more than once. This is excellent, thank you.



