Jump to content

Useful GDPR Checklists


Sandra Morgan
 Share

Recommended Posts

Hi,

As a small business owner I am interested in sourcing as many GDPR Checklists as possible because I'm keen to make my business compliant myself. So far I have came across this one.  https://www.infinitygroup.co.uk/gdpr-checklist/ Has anyone found any others useful that they can share with me?

Edited by cstevensjr
Removed link, kept URL
Link to comment
Share on other sites

27 minutes ago, pwired said:

Can we still make websites without the EU hunting us down ?

Building a website is not the problem. Running a business with it can become the problem.

Collecting e-mail addresses, tracking visitors and monitoring visitor-behaviour, combining it with 3rd parties like Facebook and ad networks will be a much bigger thing now.

Cookie permissions here, double-opt-in there, and so on... it will be much more challenging than before. 

 

Don't know anything special about sources in Spain, UK, US but here in Germany there are some lawyers offering (free and paid) help for all kinds of businesses.

Just to name two I prefer: https://www.e-recht24.de/ and https://drschwenke.de/

And as always with legal stuff: lawyers are my one and only trusted source.

Not other companies (like the one above) that offer checklists, guides and tutorials. 

  • Like 5
Link to comment
Share on other sites

In some cases it is much work to do, for the own business (not related to web business, only) and for building websites. But building or adapting websites for clients to become gdpr compliant is nice, as you now can acquire some extra paid work. 😀

In the near future, we have to build new sites gdpr compliant from start up. 

In regard of only trust the lawyers, I have mixed feelings. Sure you can find some usefull infos on eRecht24, but they also claim without warranty. 😄 And the free generators are very basic. I got me a premium account there, and found some more in depth information. But I think it is important to get the hands dirty by walking through a lot of texts and finding out what is important for one self.

Link to comment
Share on other sites

16 minutes ago, horst said:

as you now can acquire some extra paid work.

In short term. In the long term if small business close down in great numbers because of GDPR fines they cannot pay then we might end up with less paid work opportunities. Every dime has two sides...

Link to comment
Share on other sites

Making sites GDPR compliant... this is a thing I'm careful with.

Knowing what to for each client because of an audit or a lawyer who looked into it will work. No doubt. You do what a professional and reliable source said to make a site compliant.

But I personally have not and will not tell a client what to do or what not to do. I know some things (probably more than any client and some "experts" out there) but stating and offering GDPR compliant sites can get me into trouble. I'm not a lawyer I can't offer legal advise at all.

The without warranty-thing that eRecht24 does is fine. They offer generators and therefore legal texts based on your input. 
Asking a lawyer (or better lawyers) to check and create everything for you will cost you a lot of money but then you will get a warranty too.

Providing design works, logic and functionality will almost stay the same. Being GDPR compliant from start can and will be tricky.

At some point someone has to ask a lawyer.
At some point you have to stop implementing third parties.
At some point other GDPR-related things kick in (like the Datenschutzbeauftragter) and the developer isn't the right person for that detail anymore.

As developers we can't handle every aspect of the GDPR and things that will come.

 

But yes... getting our hands dirty will come and it's necessary. Necessary for good and trusted developers.

  • Like 1
Link to comment
Share on other sites

5 minutes ago, wbmnfktr said:

At some point you have to stop implementing third parties.

This is my main concern, in general. You see, all the software we and our clients use is third party, not to mention hardware. We just add a bunch of code on top of lots of underlying systems. So now what?

  • Like 1
Link to comment
Share on other sites

I'm not talking about all kinds of third party software. Just a few.

We may have to stop ourselves and our clients from using third party things like:

  • Google Analytics
  • Google Adsense
  • Google Fonts
  • Typekit and similar services
  • Ad networks
  • Facebook Pixel
  • Hotjar
  • Hubspot
  • Social Widgets
  • Free CDNs
  • ... and so on

At least as we used it in the past.

There are GDPR compliant ways of using Analytics, Retargeting, Monetizing and whatever. But it's work now.

  • Like 1
Link to comment
Share on other sites

Plain old email (client app) is not GDPR compliant... Client cannot ask you to extract certain data from the db (for analyzing it in excel for example) when they want you to send that data to them in an email because that way of handling data is out of any sort of trackable procedure, so things like asking for all personal data removal will be impossible if fragments of that data can be found all over in various data storage of various software (logs, emails, backups, xls, etc...). Clients cannot just replace their IT infrastructure and habits overnight, it will take decades of software rewriting to get to the level of GRPR and such....

I do not know what will be the outcome of these new laws when they happen to be really forced on us but I'm not optimistic at all.

Link to comment
Share on other sites

Link to comment
Share on other sites

As someone who has had his hands tied behind his back due to USA HIPAA laws and regulations, I am having some fun listening to everyone panic about how they have to comply now with GDPR. 

Link to comment
Share on other sites

43 minutes ago, szabesz said:

Plain old email (client app) is not GDPR compliant... Client cannot ask you to extract certain data from the db (for analyzing it in excel for example) when they want you to send that data to them in an email because that way of handling data is out of any sort of trackable procedure, so things like asking for all personal data removal will be impossible if fragments of that data can be found all over in various data storage of various software (logs, emails, backups, xls, etc...). Clients cannot just replace their IT infrastructure and habits overnight, it will take decades of software rewriting to get to the level of GRPR and such....

I do not know what will be the outcome of these new laws when they happen to be really forced on us but I'm not optimistic at all.

Ok, that is GDPR-related but in another field. At least it's nothing I came across in the last couple of years. So I don't care much about this part.

But to be honest... regulation of this exact type of irresponsible behaviour and reckless data-sharing is absolutely necessary. 

GDPR isn't that new and data privacy is a main topic for almost a decade here in Germany.

Let's face the truth... companies like the one in your example are the reason for things like GDPR.

  • Like 1
Link to comment
Share on other sites

54 minutes ago, wbmnfktr said:

Let's face the truth... companies like the one in your example are the reason for things like GDPR.

Sure, and I'm not saying there is something wrong with the intent of GDPR. It is just the ridiculous extent of fines and the unrealistic situation of changing software and habits overnight is what turns it into a big issue. 

54 minutes ago, wbmnfktr said:

data privacy is a main topic for almost a decade here in Germany

Being a topic doesn't mean that the real possibility of this change has been really considered. If European companies are forced out of business just because they cannot comply for various reasons then companies in other countries will profit from disappearing concurrent businesses. If we shoot ourselves into our feet, it's going to hurt us and not others.

Edited by szabesz
typos
  • Like 2
Link to comment
Share on other sites

  • 3 weeks later...
  • 2 years later...
 Share

×
×
  • Create New...