Are you Managing GDPR yourself?
A question for other small biz saas’s.. are you managing any changes required for GDPR yourself or are you hiring a consultant to advise?
I’m trying to judge the risks of managing the changes myself versus the costs of looking for someone to help advise. How are others managing this?
Has anyone used a consultant they would recommend?
6 comments
[ 3.6 ms ] story [ 31.0 ms ] threadUpdates include things like a detailed disclosure of all data that is collected that could be considered PI (IPs, machine fingerprints, names, emails, etc.), GDPR-related requests, the third parties (sub-processors) I use to run my business, and the responsibilities of my company as a data processor, and my customers' responsibilities as data controllers.
I've been looking over a lot of other GDPR privacy policies and terms as inspiration, so I know what needs to be covered for my particular business, to see how they go about structuring their contracts, etc.
That, and I have been implementing adjustments to data retention (logs, backups, etc.), explicit consent, record deletion (luckily I never did soft deletes), etc.
I may hire a tech lawyer to look it over after I'm done and recommend that I make adjustments where needed.
https://travelalpacamybags.com/privacy
btw, love the site design!
yes
Can I have their email address?
no
:-)
Implementation and compliance with said law (including things like evaluating each data source and destination; examining retention policies, etc) we're doing entirely internally.