• frezik@midwest.social
    11 months ago

    Not just the legal team. Every time there’s new legislation like this, a new set of contractors pops up offering to walk your company through what it needs to do to be compliant. Nobody is quite sure what the limits are–and nobody will be for several years until court precedents work out the issues–so those contractors are going to tell you to assume the worst-case interpretation.

    PCI Compliance (technically a contractual obligation rather than legal), Sarbanes-Oxley, and GDPR were good things, but all of them spawned a sub-industry of grifters.

    • dani@lemmy.world
      11 months ago

      Is it even the legal team though? This just feels like someone playing malicious compliance.