Miscellaneous Rumbles

At a crossroads again (seeking advice, I think)…


has the EU ever done anything for the public good [...]?

The answer to that question is deeply complex. But the manifestations of that complexity can tell the story to a fair degree, e.g, Brexit.

And I defy anyone to show me a single case where GDPR prevented a scam (and I certainly get as much spam as I always did).

Preventing a scam isn't the GDPR's objective. The objective is to grow government and make it more powerful. GDPR's fine structure tells you all you need to know. GDPR is basically leading EU member state governments saying, as it were, "hey we can't unravel Facebook's and Google's corporate structure to tax them, so we will pierce that corporate veil with impossible to comply with data protection laws and get "our" revenue from them on that basis."

Big companies love GDPR because they can deal with these blips in the cost of doing business. Small companies cannot and thereby GDPR and its ilk keep competition out of the sector. Why do you think Facebook only said this week that it welcomes being "regulated"? It's because that regulation becomes a barrier to entry in the market sector of any competition. Try maintaining an SEC regulated public company and you'll learn quickly how that works!

I once did an M&A deal selling a personality (sports agent) so it is possible that consultancy's can be bought and sold, but you are quite right, it is rare. In large part this is because there is no really feasible long term revenue stream when that revenue source is wholly based on personality rather than customer base, brand, etc.

I sympathize with you more than you might know and I will be starting to push my network a lot harder over the next year to find a situation where I can make one final performance that can hopefully keep me in good stead until retirement time.

Hang in there bro.


Knavel, guys,

Appreciated on all levels. But the true untold story about GDPR is the real lobby behind it--and it was a genius move by big business to mash competition by small business--and it is still going on.

Thanks to GDPR I actually received a mail from a guy claiming I was spamming him and that we'd never met. I sent him a pic of us together talking to a conference organizer (when we met), which is how I got his biz card. I actually had to spend time on this and get a lawyer to draft a letter to him.

This is insane. And now there is this unconscious weight where you are afraid to send mails--which we need to do. It's called marketing. We never spammed, but we did send mails to people we met at conferences. It's as if you had a bakery but were afraid to put a sign outside for regulation jams like these.

That is GDPR and it is working for big biz.

Anyway, if there is anything I can say to you, NJDevil, it is to indeed stick with it and make your money now. I see these 50-year olds (like me) suddenly on the shelf, and nobody wants us. Really. I'm going to need to reinvent myself, retool, re-something but in this new world, we are not high on the list of desireables. Everyone talks about experience--I have a proven track record of quadrupling business earnings no matter where i am. This includes in travel, apps, consulting, detective agencies and media--and probably I'm sharper than ever and could take any, for example, US firm here in Poland and not only make it more efficient, but make the employees happier and protect the firms interests as well. I know I can do it--I've done it. But when I had a brief, informal job interview (this weekend, actually), the questions were literally how well do I know excel and do I understand that I'll need to work weekends. The guy (kind of a friend of mine even) started with that.

I'm actually not proud. To hell with it. But he didn't listen to a single word I said. Said there might be an analyst position available, where I've been running crews of "analysts" here in multiple languages for years.

Pretty unreal.

Not going to get down about it--I simply don't have that option, but it is unreal. I've deal with so many heads of companies, directors of departments (often we've been subcontractors for large players), and I'm the one coming up with ideas, finding answers, solutions, etc.--but that doesn't mean they want you either. One guy joked I'd never work at his company because he doesn't want me taking his job.

It is what it is.



OK, sorry that I'm about to contribute to shutting down this thread with shop talk.

GDPR Recital 47 specifically cites "marketing" as being ("may be") a "legitimate interest". If something can be demonstrated as a "legitimate interest" this is one of the six bases of lawful processing under GDPR; consent need not be shown. It's not ideal to have to rely on Recital 47 because if the regulator really wants to, they will say the recital doesn't apply in whatever your marketing instance is. But it certainly is protection against a fine for wilful breach. We won't know what the parameters are of marketing that doesn't require consent until a company with big $$ actually litigates the issue to judgment. The UK regulator (ICO) has a decent discussion on the applicability of Recital 47.

Yes, being overqualified is part of the age issue. People want the glory and generally only want to hire people they can delegate to. It's why 30 year olds who are 5 years out of law school in a big firm are at the peak of their marketability. They know all the ropes, can work almost entirely independently, but at the same time are not at all a threat to their manager.

I don't know why you would waste money and time with a lawyer in the case you cited. Let that person go through the hassle of filing with the (presumably Polish) data regulator and deal with any case that may come out of that. Then you can learn if you have a strong or weak regulator in terms of data protection. It's a worthwhile exercise.



You are citing the "intent" of the law, which obv does a terrible job of defining marketing, which is not definable anyway, as I can attest having dealt with many internal fake "marketing" budgets, which were really cash diversion scams. It is incredibly hard to prosecute such scams, but the vagaries allow many, many angles.

The reality for small companies anyway (at least in my jurisdiction) is the following:

1) You have to react quickly and officially to such an idiot. Getting mired in a case with him is not really the issue. 2) The issue is that he turns you into the local regulator. These guys can then turn your company upside down and fine you to hell. In an already regulated industry such as mine, where detective law and GDPR overlaps if not coming into direct conflict, good luck. Plus, as you know, the fines can be insane. A German company just got hit. Probably they had some sort of system in place, but it was not viewed as being up to snuff. So, like it or not, we have to waste time on this. 3) And just the time wastage on keeping track of all personal meetings, documenting databases, etc. is outrageous. Sure, you can say this doesn't have to be done or that is over the top, but such controls (and I have been through many similar controls) are not an issue of the minimum, but of having done your defensive driving to the extreme. When they show up, you must be able to show them that there is not even a topic for discussion and snuff out each and ever fire right that minute. It is much the same in a tax control here.

Just the above is enough to create a very unnecessary burden. The stated purpose of GDPR, according to the EU is to protect privacy and data breaches. Unfortunately, the reality of forcing companies to create still more databases (that will store personal data while attempting to either justify this or document its destruction) just creates more opportunities for social engineering pros.

Let me put it this way: if I were evil, I would make a killing right now. I might eventually get arrested, but GDPR is similar to forcing lines of people to stand endlessly in airport lines to stop terrorism. Maybe planes of travellers are better protected (although this is debatable), but the creation of new, more vulnerable targets is not. And we have to run a business here. GDPR may well eliminate data vulnerabilities in one fashion, however: if you kill off companies, they certainly are not going to be storing personal data. Maybe that is the goal.

Re other comments, I probably have to reinvent my biz or start something else. It is what it is. Trying to figure it out.


Register Sign in to join the conversation