I’m in the early stages of building a SaaS in the UK but finding it quite tricky to find any useful actionable information on dealing with the GDPR. The official stuff is a bit vague & at least to me, difficult to translate to my use case - and any search is plagued with consultancy-spam or blog spam rehashes of what must have been a single useless source from antiquity. Closest I could find to what I’m looking for is https://www.hallaminternet.com/how-to-make-your-website-gdpr-compliant/<p>Has anyone found any other good guides? Ideally as they’d relate to SaaS but anything similar that could translate is good too.
Can you give some examples of what you are worried about? I’m a PM working on GDPR issues for the SaaS company I work for, maybe I can give some pointers, but I need more details.<p>In the dark, common issues are around consent of collection of personal data (including cookies) and Right of erasure. Anyway, I’ve found the actual text of the GDPR to be the best resource to be honest.
I used <a href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation" rel="nofollow">https://en.wikipedia.org/wiki/General_Data_Protection_Regula...</a> and <a href="https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-3-consent/" rel="nofollow">https://iapp.org/news/a/top-10-operational-impacts-of-the-gd...</a><p>Easiest way to comply is not storing any identifiable data unless absolutely necessary for your service.<p>You can still collect anonymous statistics if you apply techniques like k-anonymity to make sure you can't deanonymize it. (<a href="https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-8-pseudonymization/" rel="nofollow">https://iapp.org/news/a/top-10-operational-impacts-of-the-gd...</a>)
I have been curating resources for this for a while. I'm hoping to get at least some of them online this weekend. I have already noticed that there are some opinions coming out which are more prescriptive than the actual GDPR text. A lot of it is FUD from IT service providers. I'm hoping to focus on interpretation, grey areas and materials for non-power-users rather than replicate the source material below<p>The three best resources for a high level user I have found are (in no particular order)<p>1) Wikipedia as others have said<p>2) ico.org.uk<p>3) The GDPR itself<p>Best tip I can offer is that if your business is not the personal data itself, simply acting in good faith is going to get you 95% of the way to compliance
A good reference is the Information Commissioner's Office. They are charged with enforcing the regulation:<p><a href="https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/" rel="nofollow">https://ico.org.uk/for-organisations/guide-to-the-general-da...</a><p>For a summary of concerns that may be pertinent to your use case - General Data Protection Regulation (GDPR) for Identity Architects:<p><a href="https://medium.facilelogin.com/gdpr-for-identity-architects-1a6423759d30" rel="nofollow">https://medium.facilelogin.com/gdpr-for-identity-architects-...</a>