What we should do for creating GDPR compliant websites/apps

October 5th, 2020 · 1 min read

[Photo by Paulius Dragunas on Unsplash]


I am creating a Chrome Extension and website as the main project for practising React.

On the way, I learnt I should implement policies and thought…

“Is it alright to just do it🤔? I am creating them in English.”

This research made me wander around a bunch of websites and books because I was not able to find one source that covered the information well!

Below is a brief summary, and I might update it later.

What is personal data in GDPR?

Personal data includes not only names, addresses, etc., but also IP addresses.

Reference: What is personal data?

What to do for creating GDPR compliant websites/apps

  • implement a privacy policy

  • implement functions (delete / correct / export personal information)

  • check age (parental agreement is needed for users under 16)

  • keep data to a minimum (recommended: secure data management)

  • set a term for keeping data

  • get agreement from customers (use a different method depending on the data)

    • cookie banner

    • checkbox

  • appoint a DPO (Data Protection Officer) *not required for every entity (e.g. for entities that deal with large amounts of personal data)

  • appoint a representative in the area where GDPR applies if you are not located there

    *might be needed for Google Analytics even if you anonymize IP addresses, because of how the data is processed

  • encrypt personal data (recommended)

“I have nothing to do with it!”

That would be so in most cases.

It might help you if you are going to work in a large business or an expected firm and want to avoid being laid off because of GDPR fines, or if you want to follow the law.

  • check GDPR and other regulations if you create something in English (I also need to know more)

  • check the law in your area (there might be a special law, and it might apply even if you create something in a non-local language)

  • ask a lawyer

What I will do then

I found out that there is a way to avoid it: restrict access from the area where GDPR applies by IP address, or show the target customers on the website.

It does not seem possible to restrict by IP address on Netlify or Vercel.

I will just show my target customers on the page as the first stage of publishing, and it would be the easiest way!

It is best to ask a lawyer, though😅

Let me know on Twitter if I got something wrong or if there is something else I need to know.

Keiko

Creating something by React.