Random question.<p>I'm a non-EU national. But I do have an EU-based client.
Today I was asked in an email whether his website complies with GDPR standards and I should make it GDPR if it doesn't. (I haven't replied yet)<p>It was never discussed previously so I will have to add to the scope / quote extra because there's some missing features like delete / view data + account / suppose cookies, etc. This is just judging from doing a quick google search based on the requirements.<p>Although I did recommend some of these features in the past (Me trying to scope more development hours - he said leave it to save $$$).<p>Just to know, at the end of the day, should developer take the GDPR responsibility?<p>I think it's more a matter of, he should probably consult a lawyer first, tell me what needs to be done to make it compliant and then we go from there - not the other way around.<p>Thoughts?
Your question is legitimate and I think it's like a car or any other product who are responding to a lot of laws and rules and that is new in computer development.<p>When there are a law/rule, you need to take it into account and so add it in your scope for the client EU and no EU, because we never know who have access to the site. And in any case, you need to mention it to your customer if your website is or not GDPR compliant because if you don't say it to your customers may be he can attack you if they have issue with the compliance.<p>So protect yourself and say it to your client that was not into the scope and so it's a new feature that he need to pay for