Ask HN: How do I make sure my website is GDPR compliant?
4 points by jbuttwerworth 2187 days ago
Hey folks,

I have a side project (a web app) which requires login via Facebook and Google to work. I intend to release it publicly but before that I want to make sure I'm GDPR compliant.

The web app stores minimal info for the user such as the email (encrypted) and their first name (the data is provided from the social networks I mentioned above).

I looked online for help on how to make sure a web app is GDPR compliant but it's confusing. Is there someone here with actual experience on this who can provide some guidance? Is there an official guide in layman's terms on how to do that?

Thanks

2 comments

Sounds like you're already compliant. Storing metadata about a registered user is perfectly acceptable under the GDPR for functional & legitimate interest purposes. I would recommend adding a way for a user to delete their account, unless the third-party login provider gives you webhooks on when OAuth consent is revoked, in which case you can use that as the signal to delete all PII stored locally.
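One way to act on the webhook suggestion above, as an added example that is not the commenter's code nor any provider's SDK: a handler that verifies an HMAC-SHA256 signed deauthorization payload (assumed here to be in the `signature.payload` base64url shape that Facebook's deauthorize callback uses) and deletes every locally stored field for that user. The user store, the app secret and the sample payload are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed in-memory user store keyed by the provider's user id; a real
# app would delete from its database. Values mirror the minimal PII the
# post describes (an encrypted email and a first name).
USERS = {
    "1001": {"email_enc": "ENC(ada@example.org)", "first_name": "Ada"},
    "1002": {"email_enc": "ENC(grace@example.org)", "first_name": "Grace"},
}

APP_SECRET = b"constructed-app-secret"  # placeholder, not a real secret


def _b64url_decode(s: str) -> bytes:
    # Providers usually strip base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def parse_signed_request(signed_request: str, secret: bytes) -> dict:
    """Verify 'sig.payload' (both base64url; sig = HMAC-SHA256 over the
    encoded payload string) and return the decoded JSON, or raise."""
    sig_b64, payload_b64 = signed_request.split(".", 1)
    expected = hmac.new(secret, payload_b64.encode(), hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak timing information.
    if not hmac.compare_digest(_b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("algorithm") != "HMAC-SHA256":
        raise ValueError("unexpected algorithm")
    return payload


def handle_deauthorize(signed_request: str, store: dict, secret: bytes = APP_SECRET) -> bool:
    """Webhook entry point: on a verified revocation, drop every locally held
    field for that user. Returns True only if a record was actually removed;
    unverifiable requests are ignored rather than acted on."""
    try:
        payload = parse_signed_request(signed_request, secret)
    except ValueError:  # covers bad split, bad signature, bad JSON
        return False
    user_id = str(payload.get("user_id", ""))
    return store.pop(user_id, None) is not None


def make_signed_request(payload: dict, secret: bytes) -> str:
    """Builds a signed request the way the provider would (used for testing)."""
    payload_b64 = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode().rstrip("=")
    sig = hmac.new(secret, payload_b64.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(sig).decode().rstrip("=") + "." + payload_b64
```

Deleting on the revocation signal only covers users who revoke at the provider; an in-app account deletion path is still needed for everyone else.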
GDPR compliance does not exist and is a long-living fad sold by consultancy companies. To make sure you align with GDPR regulations: just do not store personal data of customers. Never. Most important things to know: https://nocomplexity.com/gdpr-principles/