Hello,

GDPR, the EU General Data Protection Regulation and the world’s most comprehensive data privacy law, is the law that worries indie hackers a lot.

It has been made to tackle the Googles and the Facebooks of the world, but it worries independent creators and small businesses way more than the tech giants.

It is not as a big burden as it seems.

In this newsletter, I will explain to you how to determine if the GDPR applies to you at all and if it does apply, what is the minimum you need to comply with.

You can determine that by applying the following formula:

GDPR does not apply to businesses or users. It applies to relationships between them.

In fact, GDPR applies to the relationship where at least one - whether the business or the user (or both) - is from the EU.

If your business is global, then you have to consider compliance with this law. You never know when a user from the EU could land on your website and you could collect and process their personal data.

Independent creators, makers, and freelancers who collect and process personal data subject to the GDPR need at least:

That’s the minimum you need to start.

Later on, you may need to:

These are just the basics. Determining whether GDPR applies to you is only the first step toward compliance.

Also, keep in mind that compliance with the GDPR is the closest you could get to global data privacy compliance. The US laws are the only ones (along with India, for now) that are not similar to the EU standards.

Brazil, Thailand, Canada, Australia, UK, non-EU European countries, South Africa, Mexico, and soon India as well as many others have laws similar to the GDPR and require pretty much the same stuff from your business.

So, unless you are locate din the US and target exclusively the US, consider having a GDPR-compliance privacy policy in place and a means to obtain consent for the use of cookies.

Any questions?

Cheers,

Petar