I know it is impractical to have a TL;DR of a regulation, as the devil is in details with regulations. But still what are the must haves to comply with GDPR for a side project?
The details are still ambiguous to everyone and we'll see how it's enforced, but the highest-level summary is that the EU is saying that having consumers exchanging their data for services is not an acceptable business model.<p>Advertising is OK, but advertising based on their data is only OK if they opt in and you can't deny service if they choose not to opt in, so basically the law is saying can't trade the service for use of the data.
<a href="https://www.smashingmagazine.com/2018/02/gdpr-for-web-developers/" rel="nofollow">https://www.smashingmagazine.com/2018/02/gdpr-for-web-develo...</a> How about this?