Comment by wizzwizz4

9 hours ago

I'm specifically criticising the claim that GDPR was among the most burdensome requirements. Very little of GDPR is additional to what you need to do anyway, apart from DSARs (which aren't burdensome: you may charge a fee if someone's abusing the process), appointing a DPO (optional for most organisations), and the third-country restrictions (which are partly necessary, and article 45 reduces the burden). I don't dispute that regulations can be silly and a waste of time (e.g. PCI compliance requiring the removal of effective security measures, as directed by incompetent auditors, because the legal requirement is "passes an audit"), but I do dispute the use of GDPR as an example.

I'll note that of the three regulatory acronyms you gave, two of them (HIPAA and FDA approvals) are American.

> two of them (HIPAA and FDA approvals) are American

I specified all three via commas to highlight that we had quite some history in compliance, in different jurisdictions.

HIPAA covers only medical devices, GDPR covers everything. The FDA approval process is convoluted and expensive, especially for new types of devices, but it's still much easier than the European MDR.

Also, I mentioned the FDA because we didn't even try to get proper compliance in the EU, because it's impossible for a startup without huge support.