GDPR for side-projects? Blocking all EU traffic with Nginx in 3 simple steps

But for compliance many interpretations say it&#x27;s EU &#x2F;citizens&#x2F;; I don&#x27;t think there are 3 simple steps to block any EU citizen...<p>I&#x27;m sure many Governments would <i>love</i> to be able to so simply identify what their citizens do online though.

Unless your side project is a Bot-Net this article seems very FUDDY...

While this sounds like an overreaction, I question the breadth of this method (unrelated to the reliability of IP address origin).<p>&gt; This tells nginx to assign the $allow_visit variable a 0 for any users the GeoIP database specifies as coming from the “EU” continent.<p>Europe is the continent. The EU does not encompass all European countries. Doesn&#x27;t this needlessly block non-EU European countries?

Geo IP blocking will not block the EU citizens that are not physically in the EU at the time.<p>Just for fun, I would add<p><pre><code> server { # snip.... access_log off; error_log off; return 307 https:&#x2F;&#x2F;www.google.com&#x2F;search?q=gdpr; } </code></pre> That should block anyone that might be a EU citizen. &#x2F;s

Along with the author, I am hesitant to needlessly follow regulations which only apply to a small portion of global population of which I am not a part. Especially since there are simple ways to sidestep the liability.<p>This, however, does give me an idea. Does anyone have an interest in a web framework which provides user&#x2F;data management in a gdpr compliant way?

This seems to be flawed logic, many EU devices have IP addresses from non EU address blocks.<p>Assuming there is any significant adoption of your proposed solution to avoid GDPR rules the likelyhood is EU citizens will use VPN or Proxy services to bypass the restrictions.<p>I don’t think the use of a VPN would remove the GDPR obligations on the data controller or data processor.

If you have a side project that siphons personal information from people for no reason, then maybe the gdpr isn’t the problem...

What would be a GDPR-compliant yet useful access_log setting?

HN crowd loves GDPR, so get ready for this never making to the front page.