| 3 | 3 | So, yes, if 1) you are an entity subject to the GDPR (like the WP Foundation is), and if 2) you harvest and process data that you scrape from a website and connect it in your data store in such a way that it can, through direct or indirect means, be identified with an individual EU citizen (e.g. the website has an 'About' page that identifies a specific individual), then indeed the GDPR *does* bear upon that. "But that's a really onerous requirement" doesn't matter; the GDPR's POV on that - for better or for worse, whether I like it or not - is "yes, that's what we wanted to accomplish, it seems like things are going well." |