Hacker News
by x0x0 3057 days ago
Personal data in the GDPR has a very expansive definition, and definitely includes things like IP. Processing likewise has an expansive definition, including collection and recording. Lots of sites will be processing and storing this data for internal analytics.
3 comments

> Lots of sites will be processing and storing this data for internal analytics.

Just because you can doesn't mean you should. And not asking that question has got us where we are today.

Did your customers consent to what is effectively someone following them round the store with a clipboard?
So just don't do internal analytics. Or, if you feel you must, ask consent first. Easy peasy.