Complete guide to GDPR compliance

Warning: The privacy notice template on this site (<a href="https:&#x2F;&#x2F;gdpr.eu&#x2F;privacy-notice&#x2F;" rel="nofollow">https:&#x2F;&#x2F;gdpr.eu&#x2F;privacy-notice&#x2F;</a>) omits basic mandatory elements (e.g. retention periods, right to lodge a complaint). The template&#x27;s section on cookies is insufficient and misleading. Cookies are regulated by a different law (the ePrivacy Directive) and their explanation does not go into these rules at all.<p>As frereubu notes elsewhere in this thread, the UK regulator&#x27;s GDPR guide is excellent, and is a much better starting point in my opinion: <a href="https:&#x2F;&#x2F;ico.org.uk&#x2F;for-organisations&#x2F;guide-to-data-protection&#x2F;guide-to-the-general-data-protection-regulation-gdpr&#x2F;" rel="nofollow">https:&#x2F;&#x2F;ico.org.uk&#x2F;for-organisations&#x2F;guide-to-data-protectio...</a>

&gt; GDPR.EU is a website operated by Proton Technologies AG, which is co-funded by Project REP-791727-1 of the Horizon 2020 Framework Programme of the European Union. This is not an official EU Commission or Government resource. The europa.eu webpage concerning GDPR can be found here. Nothing found in this portal constitutes legal advice.

If you want to read an excellent guide on GDPR from a regulatory authority (i.e. an organisation that is actually tasked with implementing the legislation) the UK&#x27;s ICO website is the best place. It uses plain English as far as possible while not oversimplifying things to the point of uselessness.<p><a href="https:&#x2F;&#x2F;ico.org.uk&#x2F;for-organisations&#x2F;guide-to-data-protection&#x2F;guide-to-the-general-data-protection-regulation-gdpr&#x2F;" rel="nofollow">https:&#x2F;&#x2F;ico.org.uk&#x2F;for-organisations&#x2F;guide-to-data-protectio...</a>

They have Google Analytics enables without consent and in the privacy policy they claim this:<p>&gt;&gt; “<i>Google Analytics does not identify individual users or associate your IP address with any other data held by Google.</i>”<p>This is wrong, GA may anonymize IPs, however they drop a tracking cookie in order to identify unique visitors.<p>Tracking cookies under the GDPR fall under “personal data”, even if they are pseudo-anonymous. Also note that usage of Google Analytics cannot be a “legitimate purpose”.<p>So is this legal what they are doing? Or what am I missing?

Ironic that a site about GDPR compliance has 6 potential trackers according to Privacy Badger.

The checklist especially is a great resource IMO: <a href="https:&#x2F;&#x2F;gdpr.eu&#x2F;checklist&#x2F;" rel="nofollow">https:&#x2F;&#x2F;gdpr.eu&#x2F;checklist&#x2F;</a><p>Also shows how much of this is truly just sensible privacy protections.

Are IP addresses personally identifiable information under GDPR?

if you&#x27;re running a SaaS or software company, we compiled an abridged version of the full GDPR text that is only 34 pages in this format, very easy to consume: <a href="https:&#x2F;&#x2F;www.enterpriseready.io&#x2F;GDPR-abridged-text-for-SaaS-Cos.pdf" rel="nofollow">https:&#x2F;&#x2F;www.enterpriseready.io&#x2F;GDPR-abridged-text-for-SaaS-C...</a><p>if you want to read the full thing, we created a quick guide for understanding which sections you might want to skim: <a href="https:&#x2F;&#x2F;www.enterpriseready.io&#x2F;gdpr&#x2F;how-to-read-gdpr&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.enterpriseready.io&#x2F;gdpr&#x2F;how-to-read-gdpr&#x2F;</a>

Oh, so now strangers can claim their rights on my mailbox, good times. I&#x27;m happy I&#x27;m a private person (and that lawgivers decided to spare ordinary people for now).

A much better and complete checklist tool is available at <a href="https:&#x2F;&#x2F;autoprivacy.eu" rel="nofollow">https:&#x2F;&#x2F;autoprivacy.eu</a>

Simple, block the EU, problem solved.

My guide to being GDPR compliant: don&#x27;t do business in the EU.<p>Much simpler.

I can&#x27;t believe people would even consider foreign laws apply to US small businesses that operate solely in the U.S.<p>Edit: no you don&#x27;t need a guide on how to comply. No you don&#x27;t need to pay some consultant to see if you are compliant. Simply ignore.<p>Edit 2: to comply means you except all foreign laws and rule.

GDPR is unfortunately a paper tiger I have come to realize. The only thing that impresses Americans is a bit of good old violence. And the EU simply doesn&#x27;t have the balls to drag executives off their private jets and drop them in a secret prison.