[Updated] Giving up complying with GDPR

Update(05/20): Inkdrop now does comply with GDPR. Please check out the updated privacy policy. Thank you so much for your help!

Update(05/18): Inkdrop does not need a DPO, so it can comply with GDPR.

After announcing this, some people told me that I don’t need a DPO. I was misunderstanding that DPO is mandatory for all businesses but it was wrong. Not every organisation needs to appoint one. The Regulation lays out three scenarios for a DPO as follows.

You should consider whether you are required to formally designate a Data Protection Officer (DPO). You must designate a DPO if you are:

• a public authority (except for courts acting in their judicial capacity);
• an organisation that carries out the regular and systematic monitoring of individuals on a large scale; or
• an organisation that carries out the large scale processing of special categories of data, such as health records, or information about criminal convictions. The Article 29 Working Party has produced guidance for organisations on the designation, position and tasks of DPOs.

From Point 11 on https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

And I’m not considered as any of them. Thank you for letting me know! I’ll announce again when I fixed the Privacy Policy about GDPR.

Today I’d like to announce Inkdrop’s new privacy policy which has been rewritten from scratch. It is a lot easier to read without ambiguous expressions than before. Please check it out on the website.

I have a sad news along with the privacy policy. Inkdrop has grown with users across the world, including people in EU. By the way, the European Union’s General Data Protection Regulation (GDPR) will come into force on May 25, 2018. It will affect companies located in EU but also those that have operations and customers there too, which might include me — Inkdrop. The aim is to give consumers control of their personal data as it is collected by companies. As a personal note-taking service, it looks like no wonder Inkdrop should comply with it. So I was working on it but encountered a critical problem; GDPR requires me to designate the data protection officer (DPO). The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level. For SMB companies and indie developers like me, it would cost a lot and makes hard to keep running with just a subsistence revenue. Besides, almost Inkdrop users are living in US or Japan, and comparatively the EU users are quite few at the moment. I’m sorry for our EU users to tell that Inkdrop has to decide giving up complying with GDPR since I don’t have enough budget for employing a DPO.

Why Inkdrop is not responsible to comply with GDPR?

In Article 3 “Territorial scope”, it defines that GDPR applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

And Inkdrop’s activities are considered as not related to both conditions because:

(a) Inkdrop offers its services only in English and in USD currency.

(b) Inkdrop doesn’t collect or track their behaviour for personalization or retargeting purposes.

Refund for the EU users

I’ll refund your last payment if you are living in European Economic Area(EEA) and wish to unsubscribe Inkdrop due to the non-GDPR compliance. Please email me contact@inkdrop.app to request a refund.

You are still able to use Inkdrop, just as websites are simply accessible by a global audience in themselves. But if you wish to continue or start using Inkdrop, I assume that you understand you can’t claim your privacy rights based on GDPR. Please keep that in mind.

GDPR is hard for indie developers in spite of the fact that it looks like valid rules to protect us but also makes web services useful. So I’ll keep working on the good privacy protection. Thank you for all your support!