Hacker News
by nynno 3006 days ago
It doesn't have to be a nightmare. GDPR is so big that it has a real chance to shape the way we all think when dealing with personal data, both online and offline. It's a process that will probably take years. During that process, a bunch of solutions will undoubtedly emerge for different problems caused by GDPR, which will lead to a new set of standards and behavior/business patterns.

The main problem now is the lack of practice - almost everyone is talking about what GDPR is and what should be done... there is an apparent lack of advice coming from real-world practice... yet. And this will also change in time.

My opinion is that we all need to be clear about one thing: "why do I need the (personal) data and what will I do with it." Privacy by design. No more "I'll save everything, just in case." If you can determine what minimal set of personal data you need to collect and why you need that data, you should be fine. It's entirely possible that the processing you're about to perform on received personal data can be a legitimate interest. Or contractual. Consent is not necessary for every situation.

Different technical and best-practice solutions will emerge; some of them will be open-source (like our https://github.com/gdprhq/GdprHq.Io.ClientSdk), some of them will be SaaS solutions (like https://www.gdprhq.io/). Nowadays it's natural to use, for example, MailChimp for sending email campaigns or Stripe for payments; I believe that a similar situation will arise with GDPR: solutions for cookie consent, privacy policy, data subject requests, consents, ...