Some people here have mentioned ignoring it completely in the short term. While I wouldn't recommend this, for a small, personal, non-profit side-project, it is worth mentioning that a lot of the checklists and advice out there are:

1. aimed at, at the very least, medium-sized for-profit businesses, and as such include requirements that explicitly don't apply to very small projects;
2. very often trying to sell you something (consulting services, compliance audits, training, etc.) and as such are motivated to make GDPR sound as scary as possible.

There is a little more to it than this, but my advice would be to just be mindful of any info you collect on users. If you are worried about it, you can focus on projects that are open-access or don't necessarily involve accounts and login, but if you are implementing auth, just note what the auth collects, and be careful with it, both in terms of consent and security. Don't give it to 3rd parties (the easiest way to do this is doing things like sending userIds to Google Analytics in custom JS events). Consider whether your small side-project really needs Google Analytics (logging and crash analytics are good for debugging issues, but behavioural analytics is moving towards building a business, imo).

Note: I'm not implying side-projects shouldn't be moving toward building a business, but I'm just making the point that if that is your intent, you should be spending a little bit more time considering user privacy and compliance. And getting proper advice about it. You don't even need a DPO for <250 employees, so this really isn't that burdensome.