Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The rule for not replying to GDPR requests (e.g. sent by registered letter) holds within a month: the maximum fine for this is 4% of last years total revenue or 20 mio €, whichever is the larger number.

For US companies use their (typically Dublin) European HQs.



Yes but the Irish privacy authority is just a front for US interests. Because the country makes so much money from big tech tax avoidance.


> the maximum fine for this is 4% of last years total revenue or 20 mio €, whichever is the larger number.

The maximum fine wasn't even achieved by Facebook, after years and many blatant GDPR cases. Do you really think someone is getting a fine for not replying to a subject access request in due time? If so I have a very good bridge to sell you, and that bridge has more probability to exist than Amazon getting any kind of GDPR fine for not acknowledging a SAR.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: