Thanks for clearing that up. I’m sure nobody knew what I meant until I made the clarifying post above.
As an individual I am much more likely to trust an organisation that follows GDPR regulations over one that doesn’t. That obviously doesn’t mean they’re never going to have a data breach - but by law they will have to announce it within 3 days, and will face massive fines if negligent - that, to me, is a company I would prefer to give my business to - and was my point. Pedantry doesn’t help.
GDPR is very popular here on HN, but I think it's important to keep a level head about what it actually does and what its real-world effects will be. That is the entire point of this thread, after all.
The difference between "not having a breach" and "a legal obligation to announce it within three days" is not semantic. It is absolutely material to the real-world value of GDPR, and claims about it should reflect that.