Ask HN: Are there any useful GDPR references?

6 points by kingofspain ↗ HN
I’m in the early stages of building a SaaS in the UK but finding it quite tricky to find any useful actionable information on dealing with the GDPR. The official stuff is a bit vague & at least to me, difficult to translate to my use case - and any search is plagued with consultancy-spam or blog spam rehashes of what must have been a single useless source from antiquity. Closest I could find to what I’m looking for is https://www.hallaminternet.com/how-to-make-your-website-gdpr-compliant/

Has anyone found any other good guides? Ideally as they’d relate to SaaS but anything similar that could translate is good too.

5 comments

[ 3.5 ms ] story [ 17.1 ms ] thread
Can you give some examples of what you are worried about? I’m a PM working on GDPR issues for the SaaS company I work for, maybe I can give some pointers, but I need more details.

In the dark, common issues are around consent of collection of personal data (including cookies) and Right of erasure. Anyway, I’ve found the actual text of the GDPR to be the best resource to be honest.

I have been curating resources for this for a while. I'm hoping to get at least some of them online this weekend. I have already noticed that there are some opinions coming out which are more prescriptive than the actual GDPR text. A lot of it is FUD from IT service providers. I'm hoping to focus on interpretation, grey areas and materials for non-power-users rather than replicate the source material below

The three best resources for a high level user I have found are (in no particular order)

1) Wikipedia as others have said

2) ico.org.uk

3) The GDPR itself

Best tip I can offer is that if your business is not the personal data itself, simply acting in good faith is going to get you 95% of the way to compliance