Sandra Morgan

Useful GDPR Checklists


Hi,

As a small business owner I am interested in sourcing as many GDPR Checklists as possible because I'm keen to make my business compliant myself. So far I have come across this one. https://www.infinitygroup.co.uk/gdpr-checklist/ Has anyone found any others useful that they can share with me?

Edited by cstevensjr
Removed link, kept URL


Can we still make websites without the EU hunting us down?

  • Like 1

27 minutes ago, pwired said:

Can we still make websites without the EU hunting us down?

Building a website is not the problem. Running a business with it can become the problem.

Collecting e-mail addresses, tracking visitors and monitoring visitor-behaviour, combining it with 3rd parties like Facebook and ad networks will be a much bigger thing now.

Cookie permissions here, double-opt-in there, and so on... it will be much more challenging than before. 

 

Don't know anything special about sources in Spain, UK, US but here in Germany there are some lawyers offering (free and paid) help for all kinds of businesses.

Just to name two I prefer: https://www.e-recht24.de/ and https://drschwenke.de/

And as always with legal stuff: lawyers are my one and only trusted source.

Not other companies (like the one above) that offer checklists, guides and tutorials. 

  • Like 5


In some cases it is much work to do, for the own business (not related to web business, only) and for building websites. But building or adapting websites for clients to become GDPR compliant is nice, as you now can acquire some extra paid work. 😀

In the near future, we have to build new sites GDPR compliant from start up.

In regard to only trusting the lawyers, I have mixed feelings. Sure you can find some useful info on eRecht24, but they also claim without warranty. 😄 And the free generators are very basic. I got me a premium account there, and found some more in-depth information. But I think it is important to get the hands dirty by walking through a lot of texts and finding out what is important for oneself.


Guys, I guess Sandra Morgan's post is spam. It includes a link not to a checklist but a service, most probably their own...

  • Like 3

16 minutes ago, horst said:

as you now can acquire some extra paid work.

In the short term. In the long term, if small businesses close down in great numbers because of GDPR fines they cannot pay, then we might end up with fewer paid work opportunities. Every dime has two sides...


Making sites GDPR compliant... this is a thing I'm careful with.

Knowing what to do for each client because of an audit or a lawyer who looked into it will work. No doubt. You do what a professional and reliable source said to make a site compliant.

But I personally have not and will not tell a client what to do or what not to do. I know some things (probably more than any client and some "experts" out there) but stating and offering GDPR compliant sites can get me into trouble. I'm not a lawyer; I can't offer legal advice at all.

The without warranty-thing that eRecht24 does is fine. They offer generators and therefore legal texts based on your input. 
Asking a lawyer (or better lawyers) to check and create everything for you will cost you a lot of money but then you will get a warranty too.

Providing design works, logic and functionality will almost stay the same. Being GDPR compliant from start can and will be tricky.

At some point someone has to ask a lawyer.
At some point you have to stop implementing third parties.
At some point other GDPR-related things kick in (like the Datenschutzbeauftragter) and the developer isn't the right person for that detail anymore.

As developers we can't handle every aspect of the GDPR and things that will come.

 

But yes... getting our hands dirty will come and it's necessary. Necessary for good and trusted developers.

  • Like 1

5 minutes ago, wbmnfktr said:

At some point you have to stop implementing third parties.

This is my main concern, in general. You see, all the software we and our clients use is third party, not to mention hardware. We just add a bunch of code on top of lots of underlying systems. So now what?

  • Like 1


I'm not talking about all kinds of third party software. Just a few.

We may have to stop ourselves and our clients from using third party things like:

  • Google Analytics
  • Google Adsense
  • Google Fonts
  • Typekit and similar services
  • Ad networks
  • Facebook Pixel
  • Hotjar
  • Hubspot
  • Social Widgets
  • Free CDNs
  • ... and so on

At least as we used it in the past.

There are GDPR compliant ways of using Analytics, Retargeting, Monetizing and whatever. But it's work now.

  • Like 1


Plain old email (client app) is not GDPR compliant... Client cannot ask you to extract certain data from the db (for analyzing it in excel for example) when they want you to send that data to them in an email because that way of handling data is out of any sort of trackable procedure, so things like asking for all personal data removal will be impossible if fragments of that data can be found all over in various data storage of various software (logs, emails, backups, xls, etc...). Clients cannot just replace their IT infrastructure and habits overnight, it will take decades of software rewriting to get to the level of GDPR and such....

I do not know what will be the outcome of these new laws when they happen to be really forced on us but I'm not optimistic at all.


As someone who has had his hands tied behind his back due to USA HIPAA laws and regulations, I am having some fun listening to everyone panic about how they have to comply now with GDPR. 


More schadenfreude than funny I guess.


Thanks for clarifying. At least we now know you have such feelings.

  • Like 1
  • Haha 2

43 minutes ago, szabesz said:

Plain old email (client app) is not GDPR compliant... Client cannot ask you to extract certain data from the db (for analyzing it in excel for example) when they want you to send that data to them in an email because that way of handling data is out of any sort of trackable procedure, so things like asking for all personal data removal will be impossible if fragments of that data can be found all over in various data storage of various software (logs, emails, backups, xls, etc...). Clients cannot just replace their IT infrastructure and habits overnight, it will take decades of software rewriting to get to the level of GDPR and such....

I do not know what will be the outcome of these new laws when they happen to be really forced on us but I'm not optimistic at all.

Ok, that is GDPR-related but in another field. At least it's nothing I came across in the last couple of years. So I don't care much about this part.

But to be honest... regulation of this exact type of irresponsible behaviour and reckless data-sharing is absolutely necessary. 

GDPR isn't that new and data privacy is a main topic for almost a decade here in Germany.

Let's face the truth... companies like the one in your example are the reason for things like GDPR.

  • Like 1

54 minutes ago, wbmnfktr said:

Let's face the truth... companies like the one in your example are the reason for things like GDPR.

Sure, and I'm not saying there is something wrong with the intent of GDPR. It is just the ridiculous extent of fines and the unrealistic situation of changing software and habits overnight that turn it into a big issue.

54 minutes ago, wbmnfktr said:

data privacy is a main topic for almost a decade here in Germany

Being a topic doesn't mean that the real possibility of this change has been really considered. If European companies are forced out of business just because they cannot comply for various reasons then companies in other countries will profit from disappearing concurrent businesses. If we shoot ourselves into our feet, it's going to hurt us and not others.

Edited by szabesz
typos
  • Like 2

1 hour ago, szabesz said:

If we shoot ourselves into our feet, it's going to hurt us and not others.

Bingo!

  • Like 2
