Ask HN: How to comply with EU GDPR?
My application needs to store the user's first name, last name, and email address to customize the user's experience. Europe's new General Data Protection Regulation (GDPR) law requires that the application not store any data that can identify the user. Any suggestion how the application can comply with the law but also retain the customization based on an individual user?
4 comments
[ 4.3 ms ] story [ 19.4 ms ] threadFor example, it emphasizes getting proper consent from users ("active consent"). You can find examples of this under the name "clickwrap", which is the "I agree to..." type of checkbox. [1] ; There are also additional requirements to keep in mind for your app [2]
- You need to disclose data retention (how long are you planning to retain user data) - User choices - Disclosing if you're the data controller or data processor - Disclosing the data processors you work with (Google Analytics, Mixpanel)
[1] https://termsfeed.com/blog/browsewrap-clickwrap/
[2] https://www.slideshare.net/termsfeed/gdpr-privacy-policy
As much as I want to comply to it, I found it’s difficult to comprehend its requirements and translate them into concrete code.
However, GDPR is so big, and it's here to stay, and my opinion is that will, in the years to come, the way how companies handled personal data, not only for EU citizens.
One interesting aspect of the GDPR is that you, for example, as a processor, must be compliant so that I, as a controller, will work with you. If you think about that, it will soon be evident that GDPR compliance can be strictly a business decision, like ISO certification.