Ask HN: Small web site owners, how do you deal with the GDPR?
I'm running a small, static, non-commercial website (http://t3x.org) and I'm currently investigating options for dealing with the new General Data Protection Regulation, which looks like a minefield to me that opens the door for all kinds of dubious C&D letters.
So far I have thought about:
- contacting a lawyer to work out a proper data privacy statement, but I don't think I can afford this
- deactivating the server logfiles so that the site really does not store any user-related data (is this really safe?)
- shutting down the site (currently most probable)
How do you deal with the situation?
9 comments
[ 3.9 ms ] story [ 29.6 ms ] threadIf your hoster allows you to change whats in the log files you could look into that too (e.g. don't log full IPs, or delete them after 2 weeks and only keep unpersonalized access logs longer: right now it's not entirely clear from the purposes you list why you need to keep IPs at all).
Not sure if you're supposed to have a German version too, despite your site being in English. (unrelated to GDPR)
I log access to a ram disk and truncate the logs daily. If I start having issues that require keeping logs, I rsync to a secure location or rotate until x percentage of ramdisk is full.
My machines boot up and bootstrap their static content, cgi scripts, etc, from a git repo over a VPN link. They dynamically format a data volume using a long random key that I have no knowledge of. The end goal being ephemeral and cattle. If I need to back up anything in a data volume, I do so over a VPN link.
Again, this is just my lunatic method and has never been tested in a legal case. I could argue a thousand reasons to not use my methods and only a few hundred to use them.
* Move your site to Github, it is free and you get a domain like your_username.github.io. Works great for static websites.
* With less than $100 per year you can buy a .com domain name from a US registrar and a cheap VPS on DigitalOcean or Linode, chose a VPS from US or some other now European jurisdiction.
* Another free approach, host it on Azure see https://buildazure.com/2016/08/25/free-website-hosting-in-mi... for an example.
If you need other options to cut cost, freedns.afraid.org offers free subdomains under ~68000 second level domains.