Currently we're discussing the German version of the GDPR (General Data Protection Regulation) in R24 since it will take effect on May 25th. Unfortunately the German DSGVO seems to apply to Fidonet which is an unmitigated disaster IMHO. Do other EU states have exemptions for small companies or organizations? How do you deal with this topic regarding Fidonet?