nisrulz / app-privacy-policy-generator

Generate a customized Privacy Policy and Terms of Use document for your mobile apps
https://app-privacy-policy-generator.nisrulz.com/
GNU Affero General Public License v3.0

is it gdpr compliant? #18

Closed Photogad closed 6 months ago

Photogad commented 6 years ago

Is it GDPR compliant?

nisrulz commented 6 years ago

No, it is not. I am not a lawyer, so I would need some help to make it work with GDPR. Your question is valid and this was on my mind, I just haven't found anything. If you have a reference document for me to make this better and GDPR compliant please share it with me.

Thank you

vanniktech commented 6 years ago

I'd say the first step is to also include the GDPR reference links for each third party service. Unfortunately I don't have much more information and was hoping this was already figured out here.

nisrulz commented 6 years ago

I have had some time to read up on the GDPR side of things and as @vanniktech suggested, I was going to add GDPR reference links soon. This part should be done this week itself.

Thank you for your valuable feedback/suggestions.

xsellier commented 6 years ago

@nisrulz Thank you for your valuable work here, you saved me a lot of time. I'm wondering if you will update this repository soon (meaning I will be able to use your awesome work before GDPR becomes mandatory)?

nisrulz commented 6 years ago

@xsellier I am pushing an update this weekend. Monday is also a holiday, so hopefully, I will have enough time to work on this and other OSS stuff.

Thank you for your kind words and using my web app.

xsellier commented 6 years ago

@nisrulz Sorry to bother you, but do you have any news on this issue?

DanielScholte commented 6 years ago

@nisrulz When can we expect the update for GDPR?

thelittlefireman commented 5 years ago

Thanks for this amazing generator! Any news about GDPR? Do you need help for doing this? Thanks, Thomas

nisrulz commented 5 years ago

I could certainly use some help. I have a stash of code changes which makes the privacy policy my web app generates GDPR compliant, but it is not clean. Will give it another shot. If not will mark this issue for further help.

thelittlefireman commented 5 years ago

Okay :) I will try to do something, but with my bad English and my poor legal knowledge I don't promise anything... 😄

bmv-2143 commented 5 years ago

Hi!

Thank you very much for your awesome generator app!

> If you have a reference document for me to make this better and GDPR compliant please share it with me.

There is a service that provides free GDPR Privacy Policy generation: https://termly.io/privacy-policy/privacy-policy-generator/ It has lots of options, but they give back only a link to their website and they don't give you the text that you can copy or download (at least in the free version). Maybe it can help you somehow or serve you as a reference.

pwespi commented 5 years ago

> If you have a reference document for me to make this better and GDPR compliant please share it with me.

This site might be helpful: https://gdpr.eu/

mding5692 commented 4 years ago

Searched through https://gdpr.eu and I think this is what you need, thanks @pwespi

See: https://gdpr.eu/privacy-notice/

From GDPR website:

> A privacy notice is a public document from an organization that explains how that organization processes personal data and how it applies data protection principles. Articles 12, 13, and 14 of the GDPR provide detailed instructions on how to create a privacy notice, placing an emphasis on making them easy to understand and accessible. If you are collecting data directly from someone, you have to provide them with your privacy notice at the moment you do so. Note that the terms “privacy notice” and “privacy policy” do not actually appear in the text of the GDPR and are essentially interchangeable.

This is their example pdf with list of questions that need to be answered, think you just stick it with the privacy policy: https://gdpr.eu/wp-content/uploads/2019/01/Our-Company-Privacy-Policy.pdf

hope that helps @nisrulz

Basically have to ask these questions on generator when asking questions:

Also they have a section on not using vague terms like so:

> Privacy notices should avoid using qualifiers such as “may,” “might,” “some,” “often,” etc. as they are purposefully vague

So have to be direct and specific with everything

nisrulz commented 4 years ago

This sounds more useful. I will take a look into this. Thank you @mding5692 👍

mding5692 commented 4 years ago

Also @nisrulz

Will have to fill in or include these forms/agreements as well as Privacy Notice to be GDPR-compliant:

- Data Processing Agreement: Part of terms and conditions. https://gdpr.eu/data-processing-agreement/ (Example template)
- Right to Erasure Request Form: Given to app users, just have to make the form in similar format and give to users to sign when they want to delete their data. https://gdpr.eu/right-to-erasure-request-form/ (Example template)

mding5692 commented 4 years ago

I'm figuring out GDPR compliance for my company as well, so I think I can help out with a PR or any changes while I'm figuring it out for my company.

nisrulz commented 6 months ago

The new webapp is released with GDPR policy template.

Closing this as it is implemented. Open new issue to start a new thread relating to new version of webapp.