
GDPR Compliance Guidelines

GameTheory

Android Expert
Over the years I've noticed that many AF members have their own personal sites/blogs to host their Android projects (including myself). I'm very interested to hear your strategies to make your site GDPR compliant...
  • Did you take the ICO self-assessment test? And were you exempt?
  • Did you seek legal advice and was it expensive?
  • Did you simply implement your own methods based on your research? What are those methods?
  • Do you think you have a sure shot blueprint you can share? Wouldn't that be awesome!
Anything in your experience you can share would be helpful to any small site webmaster.

What I have done to my site for GDPR compliance...

My site's basic description in the context of GDPR:
  • I use Google AdSense and Google Analytics
  • Membership is only required for posting comments or support. Name and email for membership.
I revised my site privacy policy (PP) with emphasis on the following key points:
  1. A PP must let the user know what data you are collecting and why.
  2. If using Google Analytics or AdSense you must let the user know even if obvious. These services use cookies, click reporting, demographics/interest reporting, and IP addresses to track users' interaction and engagement and personalize ads.
  3. Must link from within your PP to "Google Analytics Terms of Service" and "Google Privacy Policy" and "Disabling Cookies".
  4. Must provide a way for users to opt out of all analytics tracking, cookies, and personalized ads from within your PP.
  5. Must obtain consent to collect any of the above mentioned data from EU users. I'll list the WordPress plugins I used for this in the helpful links below.
  6. Make sure to have a support email in your PP for user data requests and deletions.
*** You must also be able to provide on request by a user any and all data that you may have on record for their account. You must also be able to delete that data on request. The latest version of WordPress (4.9.6) makes this possible and easy... ***

From the WordPress admin dashboard:
  • Tools > Export Personal Data
  • Tools > Erase Personal Data
  • Settings > Privacy (To help with privacy policy)
Helpful links I used:
WordPress plugins I used:
*** The 2nd plugin is a companion for the first plugin to make the cookie notice only appear for the EU users. ***

The above is by no means foolproof, but it will help set you on the right path towards GDPR compliance. I will still continue to research and update this post with any new findings and adjustments I make to my site.
 