This kind of laws exist mostly to make people think UE is taking care of privacy and force foreign websites to comply to specific UE laws.
It is the same with IA and public surveillance. Despites UE says it's against facial recognition, countries as France for example are using this and are aiming a national level deployment.
UE just want you to think everything is fine with your datas, but has no plan on enforcing the law.
The goal is clearly not to focus on privacy. Creating GDPR experts roles that block foreign countries to push their websites in europe is much more valuable.
Anyway it's impossible to comply with this law. French law forces you to store customers datas for 10 years (invoices can't be destroyed) and ask you to delete EVERYTHING if the customer ask for it.
Even if you wanted to, you cannot comply to this law, which has anyway some huge flaws.
This kind of laws exist mostly to make people think UE is taking care of privacy and force foreign websites to comply to specific UE laws.
It is the same with IA and public surveillance. Despites UE says it's against facial recognition, countries as France for example are using this and are aiming a national level deployment.
UE just want you to think everything is fine with your datas, but has no plan on enforcing the law. The goal is clearly not to focus on privacy. Creating GDPR experts roles that block foreign countries to push their websites in europe is much more valuable.
Anyway it's impossible to comply with this law. French law forces you to store customers datas for 10 years (invoices can't be destroyed) and ask you to delete EVERYTHING if the customer ask for it. Even if you wanted to, you cannot comply to this law, which has anyway some huge flaws.
It's UE politic bullshit