I know that GDPR does not technically introduce any new controls that do not already exist in other existing regulations, but where do we want to draw the boundaries, if any, on GDPR questions?
We allow personal privacy questions, and technical controls are obviously on-topic. Legal questions are also well-established to be off-topic. Guesses on what the ICO will allow are right out.
But I'm getting a feeling that we should make a decision now about what we do and do not want to accept.
Questions like:
- "How to perform a Privacy Impact Analysis?"
- "What impact will X have on privacy?"
- "Does X impact privacy?"
Do we deem these all "legal" questions? Are they technical control-type questions?
Where do we want to draw the line?