Hacker News new | past | comments | ask | show | jobs | submit login

> The point is that your b2b customer is itself a b2c business that holds customer data in the product you sold them.

This is not true of most SaaS products I use on daily basis e.g. calendar, gmail, Slack, GitHub, code review tools, CI server, etc.




If Slack uses Google Analytics, it makes GA a processor for the consent that Slack has acquired from you to track you. GA would be a processor in this scenario, and Slack would be the controller and owner of the data stored on GA’s servers.

Slack would indeed be the controller of the data, since Slack is more of a standalone product. But they have less to fear from the GDPR, because tracking is not their core business. GA otoh is different, and the point that OP is making is that if you were to make an on-prem solution of GA, surely it would be simpler to make GA compliant with GDPR as a Processor rather than going over the top and go fully on-prem?


The GDPR applies to employees as much as it applies to customers. Internal tools are not exempt.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: