Making a website GDPR-compliant, the easy way

The GDPR is a reality. We, the creators and maintainers on the intertubes, finally must acknowledge that collecting, storing, and processing personal data means a liability - to our users. Personally, for me, as a maintainer of several websites, the procedures involved are a headache. But as a user of the Internet, I'm excited for this welcome change.

At $WORK, we have lawyers, policies, contracts & agreements, opt-ins, audits, whateverelses. It's mildly annoying but necessary. It's also factored into our operational costs.

But my personal sites generate no revenue. The maintenance budget is measured with my free time minus my laziness. news.rollc.at has been broken for 9 months now, and my course of action was to read news less. But personal data is a liability, and I really don't feel like dealing with this BS all over again, AFTER I'm done with it at work.

So I'm taking the same approach as I did with cookies.

So hereby, anything and everything under *.rollc.at will no longer collect, store, or process ANY form of personal data, for ANY purpose. A thorough audit showed exactly one place where such data was being collected: visitors' IP addresses, which nginx logs by default (in the access log, and in the error log for failed requests).

This is how I'm making myself GDPR-ready:

# rm -f /var/log/nginx/*
# ln -s /dev/null /var/log/nginx/access.log
# ln -s /dev/null /var/log/nginx/error.log
# rm /etc/logrotate.d/nginx
# : for good measure
# nginx -s reload
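The same result can be expressed in nginx's own configuration instead of on the filesystem. The following is an added example, not part of the original post; it assumes the stock layout where error_log lives in the main context and access_log in the http block of /etc/nginx/nginx.conf (paths are the package defaults, not taken from the page).

```nginx
# Added example (not from the original post): turn logging off in the
# config rather than pointing the log files at /dev/null.
# Assumes a stock nginx.conf layout; adjust paths to your own install.

user  www-data;
worker_processes  auto;

# Main context: nginx insists on an error_log target, so send it to the
# void. Startup and `nginx -t` diagnostics still reach stderr regardless.
error_log  /dev/null;

events {
    worker_connections  1024;
}

http {
    # No access log at all: nothing is opened, nothing is written.
    access_log  off;

    server {
        listen       80;
        server_name  example.invalid;   # placeholder, not a real host
        root         /var/www/html;

        # Beware: a server/location-level access_log directive would
        # re-enable logging for that scope and silently override the
        # http-level "off". Do not add one here.
    }
}
```

Before reloading, run `nginx -t` (its verdict goes to stderr, so the /dev/null error_log does not hide a broken config), then `nginx -s reload`. To confirm that nothing re-enables logging lower in the tree, grep the effective configuration: `nginx -T 2>/dev/null | grep -nE '^\s*(access_log|error_log)\b'` should show only the two directives above. This approach also removes the dependency on the symlinks: with the filesystem trick, logrotate's rotate-then-`create` cycle would replace the symlink with a fresh regular file and logging would quietly resume, which is why the `rm /etc/logrotate.d/nginx` step above is load-bearing.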

I believe the common measure is to also put a badge of compliance on the landing page, but that would involve extra work.
