nynno's comments

nynno | 8 years ago | on: Ask HN: GDPR and gaming analytics

From https://gdpr-info.eu/art-4-gdpr/: "‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"

The central question for you should be: is it possible to identify a natural person from the data you're processing? If it's a randomly generated ID and if no-one (including you and your employees) can identify an individual from that ID (or other data you're storing/processing), then you should be on the safe side, and GDPR should not apply to you.

However, if it is possible to identify an individual from the ID (or other data), then you should comply with the GDPR. In that case, you should determine a lawful basis for processing (e.g., legitimate interest, consent), possibly ask for consent, and ensure that a data subject knows what his rights are (e.g., right to be informed, to rectification, data erasure, etc.).

My favorite GDPR resource is: https://ico.org.uk/for-organisations/guide-to-the-general-da... For basics, take a look here: https://www.gdprhq.io/post/how-the-new-european-general-data...

nynno | 8 years ago | on: Ask HN: What are the implications of the EU's GDPR on small startups?

It doesn't have to be a nightmare. GDPR is so big that it has real chances to shape the way we all think when dealing with personal data, both online and offline. It's a process that will probably take years. During that process, a bunch of solutions for different problems caused by GDPR will undoubtedly emerge, which will lead to a new set of standards and behavior/business patterns.

The main problem now is the lack of practice - almost everyone is talking about what GDPR is and what should be done... there is an apparent lack of advice coming from real-world practice... yet. And this will also change in time.

My opinion is that we all need to be clear about one thing: "why do I need the (personal) data and what will I do with it." Privacy by design. No more "I'll save everything, just in case." If you can determine what minimal set of personal data you need to collect and why you need that data, you should be fine. It's entirely possible that the processing you're about to perform on received personal data can be a legitimate interest. Or contractual. Consent is not necessary for every situation.

Different technical and best practice solutions will emerge; some of them will be open-source (like our https://github.com/gdprhq/GdprHq.Io.ClientSdk), some of them will be SaaS solutions (like https://www.gdprhq.io/). Nowadays it's natural to use, for example, MailChimp for sending email campaigns or Stripe for payments; I believe that a similar situation will arise with GDPR: solutions for cookie consent, privacy policy, data subject requests, consents, ...

nynno | 8 years ago | on: Ask HN: Why are law documents (GDPR) so difficult to understand?

My favorite website is this: https://ico.org.uk/for-organisations/data-protection-reform/...

They have explained GDPR in reasonably everyday language, with checklists and examples. That site should be your first choice.

If you are a developer, you should check https://github.com/gdprhq/GdprHq.Io.ClientSdk - you can find interfaces and default implementations. For example, to implement the right to erasure (to be forgotten) in your app, you'll need to erase personal data and to inform an individual that you've done so. Even though actual erasure might be tricky, at least you know what you need to implement to be compliant. However, note that having the app GDPR compliant isn't the same as having the business compliant; primarily, GDPR is a set of rules and processes that apply to organizations.
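The comment above describes the two halves of a right-to-erasure request (erase the personal data, then inform the individual) and notes that the erasure itself can be tricky. The following is an added example written for this page; it is not code from GdprHq.Io.ClientSdk or from the commenter. It assumes a purely in-memory store with a profile table keyed by a random subject id and an analytics event table that carries only that id (both constructed here), and it leaves message delivery out of scope. It shows three points a practitioner trips over: the contact address has to be captured before the profile is deleted, events can be de-linked rather than deleted so aggregate counts survive, and the audit entry that proves the request was handled must itself contain no personal data.

```python
"""Minimal right-to-erasure handler (constructed example, not the SDK's code)."""
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone

ERASED = "erased"  # marker that replaces a subject id in retained, de-linked records


@dataclass
class Subject:
    subject_id: str
    email: str
    name: str


@dataclass
class ErasureReceipt:
    subject_id: str
    erased_records: int   # rows deleted or de-linked
    notify_address: str   # where the confirmation goes (captured before deletion)
    confirmation: str     # message text for the individual
    audit_entry: dict     # what the controller keeps as proof, free of personal data


class PersonalDataStore:
    """Profiles keyed by a random id, plus analytics events carrying only that id."""

    def __init__(self) -> None:
        self.subjects: dict[str, Subject] = {}
        self.events: list[dict] = []
        self.audit_log: list[dict] = []

    def register(self, email: str, name: str) -> str:
        # A random id carries no information about the person on its own;
        # it only becomes personal data through the profile row it points at.
        subject_id = secrets.token_hex(16)
        self.subjects[subject_id] = Subject(subject_id, email, name)
        return subject_id

    def record_event(self, subject_id: str, action: str) -> None:
        self.events.append({"subject_id": subject_id, "action": action})

    def erase(self, subject_id: str) -> ErasureReceipt:
        subject = self.subjects.get(subject_id)
        if subject is None:
            # Unknown id: refuse rather than silently report success.
            raise KeyError(f"unknown subject id {subject_id!r}")

        # 1. Capture the contact address first: once the profile is gone
        #    there is nothing left to send the confirmation to.
        notify_address = subject.email

        # 2. Delete the profile, the only record holding direct identifiers.
        del self.subjects[subject_id]
        erased = 1

        # 3. De-link events instead of deleting them: aggregate counts survive,
        #    but no event can be traced back to the individual any more.
        for event in self.events:
            if event["subject_id"] == subject_id:
                event["subject_id"] = ERASED
                erased += 1

        # 4. Audit entry: a one-way hash of the (now orphaned) id plus a
        #    timestamp and count; no e-mail, no name.
        entry = {
            "subject_hash": hashlib.sha256(subject_id.encode()).hexdigest(),
            "erased_records": erased,
            "at": datetime.now(timezone.utc).isoformat(),
        }
        self.audit_log.append(entry)

        # 5. Text for the individual; actual delivery is out of scope here.
        confirmation = (
            f"Your erasure request was completed on {entry['at']}; "
            f"{erased} records were deleted or anonymised."
        )
        return ErasureReceipt(subject_id, erased, notify_address, confirmation, entry)


def demo() -> ErasureReceipt:
    """Constructed sample run: two subjects, a few events, then one erasure."""
    store = PersonalDataStore()
    alice = store.register("alice@example.invalid", "Alice Example")
    bob = store.register("bob@example.invalid", "Bob Example")
    for action in ("login", "purchase", "logout"):
        store.record_event(alice, action)
    store.record_event(bob, "login")
    receipt = store.erase(alice)
    assert alice not in store.subjects and bob in store.subjects
    return receipt


if __name__ == "__main__":
    print(demo().confirmation)
```

The de-linking choice in step 3 is a design decision, not a requirement: if an event row carries other data that could still single a person out (a precise location, a free-text field), it has to be deleted or scrubbed as well, which is where "actual erasure might be tricky" comes in.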

nynno | 8 years ago | on: Ask HN: How do you prepare for GDPR?

We're a software company, and we decided to educate our own DPO. While learning about GDPR and preparing our processes and applications, we developed a solution which can help other companies to comply.

It's still in beta and it's open source: https://github.com/gdprhq/GdprHq.Io.ClientSdk

For us, it helps a lot to see the actual source code and links between methods and articles from the GDPR.

To be ready for GDPR, we have several things on our to-do list:

1. prepare business processes, identify personal data, processors, processing activities and lawful basis, etc.
2. modify our internal applications to make them compatible with GDPR (data subject requests, e.g. right to be forgotten); internal applications are the ones we develop for our own usage, e.g. for quotes, invoices, subscriptions and similar
3. assure that processors we're sending personal data to are working on compliance, e.g. SaaS services we're using for website visitor analytics, mail campaigns, etc.
4. modify applications we're selling to our customers; it's also important to ensure that apps we're selling are GDPR compliant if our customers will store their personal data in them

Developing our own solution was the best way to learn GDPR :)

Nino https://www.gdprhq.io/

nynno | 8 years ago | on: Ask HN: How to comply with EU GDPR?

They have the mechanisms to force (EU) law compliance; so far big enterprises (e.g., Amazon, Facebook, Google, ...) have been fined with billions of EUR, even though these companies are from the States. I believe that micro/small businesses, if not inside the EU, can go under the radar.

However, GDPR is so big, and it's here to stay, and my opinion is that it will, in the years to come, change the way companies handle personal data, not only for EU citizens.

One interesting aspect of the GDPR is that you, for example, as a processor, must be compliant so that I, as a controller, will work with you. If you think about that, it will soon be evident that GDPR compliance can be strictly a business decision, like ISO certification.
