Unsure of how you extrapolated the total number of users from my previous statements. We were a B2B SaaS where our customers each served 10,000s of end users, who also had access to our platform with their data stored within. In aggregate we’re talking 25mm+ total users in my case.
At the time, being that the DPO role was new we didn’t know how many requests to expect. And while the law may allow for 30 days, our customers wouldn’t take it well if it took us longer than a couple days (our customer service SLA was 24 hr first resolution time). Their customers would complain to our customer who in turn would complain to us. If we make our customers look bad, we hear about it loudly and clearly.
To each their own, I suppose. From my perspective as an overworked founder, with a small team, growing at >200%/yr, we didn’t see the need to take on additional work just to maintain a very small revenue stream
I don’t fault companies for wanting to remain in the EU market, but for us, it didn’t make much sense at the time as our real growth opportunity lay in the Us/Canada (mostly due to consumer habits in the region).
I have no issue with the spirit of GDPR, and as a human, I support it personally. But, for my business at that point in time, it didn’t make economic sense to comply, so we left.
> Unsure of how you extrapolated the total number of users from my previous statements. We were a B2B SaaS where our customers each served 10,000s of end users, who also had access to our platform with their data stored within. In aggregate we’re talking 25mm+ total users in my case.
Doesn't that make you a data processor rather than a data controller - i.e. not at all your problem for your end user's end users?
At the time, being that the DPO role was new we didn’t know how many requests to expect. And while the law may allow for 30 days, our customers wouldn’t take it well if it took us longer than a couple days (our customer service SLA was 24 hr first resolution time). Their customers would complain to our customer who in turn would complain to us. If we make our customers look bad, we hear about it loudly and clearly.
To each their own, I suppose. From my perspective as an overworked founder, with a small team, growing at >200%/yr, we didn’t see the need to take on additional work just to maintain a very small revenue stream
I don’t fault companies for wanting to remain in the EU market, but for us, it didn’t make much sense at the time as our real growth opportunity lay in the Us/Canada (mostly due to consumer habits in the region).
I have no issue with the spirit of GDPR, and as a human, I support it personally. But, for my business at that point in time, it didn’t make economic sense to comply, so we left.