Best email host?
This discussion has been closed.

Comments
These aren't cherry picked over years. These come from the most recent two threads you've interacted in.
It's responses like this which are causing people to criticize you more than they already are. So far, no one has talked to you even remotely like you are talking to others. You need to respond the way you want others to respond to you.
Yes you have. My very first response to you was in reaction to your incredibly vivid and mean-spirited smearing of my name. But I thank you for quoting all of that because it clarifies what I had assumed about you: You are only capable of reading one sentence at a time.
It's like talking to a toddler, and for some reason it seems like I'm into it. I must be.
Thanks for the extra quotes. Edited.
You'll love my next trick then
In which case, you anonymize or delete what you can, and notify the customer that invoices will be kept for 5 years due to legal requirements then be deleted.
The GDPR enforces minimization of both what data you keep and the retention period.
GDPR is primarily an EU law, but does apply to US companies that process EU resident data. Whilst it's incredibly unlikely the EU would ever fine small US hosting companies, it's still a good idea to not retain customer data that you don't need.
If you do legally need it, then explain and say when it'll be removed.
what the helly
Incredibly, this all started after someone pointed out that they had an issue with this:
Thank you, I was actually just in the process of asking about the invoicing because it is not something I am familiar with. It appears that you are required to provide these to customers, but I'm not seeing anything that says you yourself are required to retain the invoices.
Generally it would be sufficient for businesses to retain a combined spreadsheet of orders versus individual invoices -- and every CPA I've worked with prefers sheets instead of tabulating individual receipts by hand.
Maybe you are familiar with something UK specific I am not; in the US the retention requirements don't trigger until $10k of transactions has been reached.
Actually impossible. They fine the EU entities of multi-national corporations. The EU cannot fine a Texas citizen residing in Texas, nor a Texas corporation. There is no treaty in place that allows the US federal or Texas governments to enforce EU law in the state of Texas. Look up the word "jurisdiction."
Out of curiosity, are EU and UK GDPR laws the same?
Here's another source for your reading pleasure:
https://www.gov.uk/self-employed-records/what-records-to-keep
(In the context of being a sole trader, you must keep proof of income)
To me it would be weird if the US was any different? How do they audit things if data isn't kept?
Unless the US company has a presence in the EU, the US company is not subject to the jurisdiction of the GDPR.
I thought they are subject to it if they have EU customers.
I would say no.
I think we left the EU and copy pasted their laws, but there's been revisions. I've just been reading about this new "Data (Use and Access) Act 2025" which changes some things to do with retention, automated decision making, cookies, marketing.
https://ico.org.uk/about-the-ico/what-we-do/legislation-we-cover/data-use-and-access-act-2025/
Nope. Not if the company has no EU presence.
Yeah that's what I was wondering. I wasn't sure if "GDPR" was one set of laws shared by the UK and EU, or if the laws were just "forked" when the UK split from the EU and just kept its name.
The thought of it reminds me of Russia's fines towards Google that will never actually be paid
It looks like that's wrong:
https://gdpr.eu/compliance-checklist-us-companies/
Looks like it was just that
https://www.legislation.gov.uk/eur/2016/679/contents (EU GDPR)
And then another regulation just added on top
https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted (UK Data Protection Act)
What I've learned from this thread is that I'm a massive nerd for researching things when I should be sleeping
Lack of EU presence doesn't matter. The fines will still be issued, and the EU will attempt to collect. Though of course, if there aren't any seizable assets within the EU, that will be very difficult. For example, see the Clearview AI case.
Regardless, as I said, the spirit of the law, ie, customer data shouldn't be retained for longer than is necessary, should be respected regardless of how enforceable a fine is.
Yeah and my cat wants to be fed every hour. She tries to collect on that too. She's got more over me than the EU does. I don't submit to foreign entities no matter how much their citizens think themselves superior to the rest of the world.
A foreign entity cannot simply claim jurisdiction over another country and have it granted. That has to be obtained by treaty or war. This is grade school stuff, it's embarrassing how few people understand this.
Indeed, and it is enforced by treaty.
https://gdpr.eu/compliance-checklist-us-companies/
So it may be unlikely that they could collect, and they certainly wouldn't test the EU's reach on a small mail host, but it does mean that not obeying the GDPR for EU customers is technically in violation of laws with extraterritorial jurisdiction.
Yeah, admitted, this does seem like an operational challenge given the UK government's request to retain all sales invoices but also says to delete/redact customer information. That seems like a massive PITA to comply with if you're storing individual PDFs of invoices and not a database that you can just redact the customer name/address to generic anonymized fields. To use the gym example the gov't made, they would also presumably have the same record keeping requirements and yet also clearly have a deletion requirement, unless that's a difference between sole traders and companies over there?
The payment processors send a roll-up total to the IRS and they check to make sure the income you report is the same or greater than the total.
The problem here is thinking that UK Government departments liaise with each other so they're on the same page. It's the complete opposite. One side will say one thing, the other will say something else. The overall winner is the one that has dominant legal authority or to put it bluntly, can grip your balls tight enough to make you squirm. In this case, it's HMRC
Edit: Also with the gym thing, it's more of a "in practice". They are purposely using language that isn't technically true because of things like what I stated. It should more accurately read "After you have cancelled your gym membership, the gym no longer needs to keep details of your name and address once 6 years after the tax year you last made a payment has passed, but they can delete your age and health data instantly!"
It sounds like the UK government is an absolute clusterfuck.
For extra-territorial, they can also just put a garnishment order on the payment networks and force the fees to be paid out of future sales from that jurisdiction
At the end of the day I think GDPR is like marmite. Some people feel really strongly for it, some people feel really strongly against it. But nobody really knows what the hell it is. We all sort of pretend based on things we've seen or heard or been told, but there's no clear cut definitive answer, whilst at the same time being plenty of clear cut definitive answers.
Last year, Trump signed "Defending American Companies and Innovators From Overseas Extortion and Unfair Fines and Penalties" which in my eyes, contradicts the EU's ability to enforce any fine. (Edit: Or tries to)
Yes, the EU does fine US companies, and statistically US companies make up the majority of the money. But the US companies that pay it.. do they actually legally have to? I don't know. Are their balls being squeezed? Yes.. so they pay. Especially when it's a small % of their profits, sure, shuts the EU up for a year or so until the next one
Yeah that seems more likely to me to be what they'd do than try to invoke international treaties to engage directly in a legal battle against a small host.
I found their complete list of exemptions.
There IS an exemption for "the assessment or collection of a tax" which would exempt you from the rights conferred "But the exemption only applies to the extent that complying with these provisions would be likely to prejudice your purposes of processing. If this is not so, you must comply with the UK GDPR as normal."
Where that is defined as to "be likely to prejudice your purpose (e.g. have a damaging or detrimental effect on what you are doing); prevent or seriously impair you from processing personal data in a way that is required or necessary for your purpose."
So the way I read it is you would have to prove you can't report revenue by removing the individual's identifying information. In the gym example, they would still be able to report the revenue without retaining the person who specifically paid them and thus don't meet the exemption bar.
But I could be wrong, even I'm not sure why I'm in this particular rabbit hole at this point 🤣
Lmao he made a promo titled "WyvernCo_and_forest_are_psycho". I've never seen a provider get so mad so fast when being quoted and acting so childish. This is kind of beautiful. Plus, I get a cheap promo email out of it.