I have read the law, the citizen brief made available to us. Not the full document introduced to the Union (yet.)
First and foremost: this website is not a business. It would be considered a private, non-commercial website, and these laws target companies. (Registered and all, operating in the EU or having trade deals in place legitimizing working in the EU and, of course, being subject to EU laws whilst doing so.) Because you are not a "service provider" in the terms of a contract (tit for tat), but rather a free-to-use tool online using donations, I do not think you are subject to the penalties or obligations.
Secondly, in regards to liability, I think your lawyers were commenting on: (Art. 33-34 of the Regulation)
"If your data is lost or stolen, and if this data breach could harm you, the
company causing the data breach will have to inform you (and the relevant data
protection supervisory authority) without undue delay. If the company doesn’t do
this, it can be fined. Recent attacks, such as WannaCry, Meltdown and Spectre, or
the Uber case show how important this new right is."
That is to say, if damages WERE suffered, proven by court, and willful ignorance or attempts to cover up the breach, proven in court, sanctions will be filed. But, because you are not a for-profit anything. But I also do not think your site (as far as I can see) stores any information that could "hurt" a person. People do not have secrets hidden here, banking information, credit cards? Home addresses?
And (Art. 12-14 of the Regulation)
A right to receive clear and understandable information
about who is processing your data, what data they are processing and why they are
I do not reckon you store much information, but you will need to have one of those annoying EULAs or pop-ups saying: "We have cookies, store your IP for future visits and do not do anything with this information, the EU has asked me to be annoying so click on the TRIANGLE, not the X, to say 'Ok man, whatever, let me roll dice.'"
It is my opinion that you will be fine, but asking lawyers who understand EU laws and your specific obligation is a good step to ensure you manage your risks.
I have been using your site recently and hope to continue to use the work of your great efforts in the coming years.
Stay calm, be good, and be cool man.
-Eu guy.