4

Here we go. GDPR(?) again.

Don't know where to ask this kind of stuff, SO is prolly too much and from my experience, you guys here always gave the best answers to stuff..

I'm currently working on a website as a project for finals (it's called Maturita/SOČ here :/) and it's supposed to be a dasboard where teachers can add some info about upcoming stuff and shit like that. Few things: No frameworks, just JS, PWA and Firebase. I've been hearing a lot of stuff about GDPR that I should comply with it and so on.

Here's the question: It's PWA and the data is currently stored in localStorage and planning to sync it to Firebase. What I store is name of the school, few URLs they enter in and the information they provide, like the upcoming events and such. Should I worry about GDPR in this case, and if so, what can I do?

Comments
  • 3
    Unless you store personally identifiable information GDPR should not matter. Its all about personal integrity and if no personal information is stored its not applicable.

    If there are teacher names or contact information you probably should make sure they actively give you consent to store it.
  • 2
    First of all most of us (if any) are lawyers. Personally Ive read both the EU "sample" text and the dutch implementation of it.

    First of all, do you store any personal information? This includes email addresses, names, usernames, profile pictures etc.
    If not GDPR does not apply to you.

    If so it does apply and you need to be able to explain why you need that information and how it will be processed. Also if the user requests their information you need to supply it in a format which could be imported by another system (json for example*). Also the information should be deleted or made anonymous if the user wants it to be.

    *what is a good format?
    if a facebook users wants its data a PDF is not the correct format. The chats, friendlist, etc cannot be used for importing when in a PDF file. JSON, XML or other dataformats would be fine.

    --

    To be continued
  • 0
    Again, not a lawyer, but in general: follow the above guidelines and in a worst case scenario the local GDPR authority would give you a warning to fix it in a decent amount of time.
  • 1
    @Codex404 I've added some information about how the data is used and JSON import / export stuff. There's also an option to remove everything stored and such. Thank you for the explanation, @Codex404 and @Voxera
  • 3
    @Codex404 about the removal of data, this will not affect data you need to live up to laws and regulation and also, some times you might have more valid reasons to keep data.

    For example, if some one was banned for violating terms, they can usually not demand that you delete the record and cause for banning them.

    So for any significant amount of personal data, make sure to read up on valid examples or contact a good lawyer to help you define routines for handling it.
  • 1
    I can check the ToS and PP of the project I am currently working on, my client went to a lawyer to get it written so he probably knows what needs to be done. But as you are storing only public information you should be absolutely fine without worrying about GDPR... honestly all this legislation only adds more work to already overworked developers and does not really have any benefits... unless of course we are talking about big data collecting companies like Facebook... but then again these companies have probably the best lawyers in the world so they can just circumvent the GDPR.

    Jednoducho to ignoruj, pokiaľ neukladáš osobné info ako dátumy narodenia a podobne tak je to v pohode.
    Ale nezabudni na cookie consent ;) (firebase okrem local storage používa aj cookies)

    PS: firebase je veľmi užitočné - až kým sa ho nesnažíš použiť na niečo na čo nebolo určené :D
  • 0
    @bytecode how can one say that its fine to abuse personal data unless its a big company? Abuse of data is never fine.
  • 0
  • 0
    @bytecode you are saying it does not have benefits besides for protection against google and facebook and the like.

    How does that work? Not minding if a small company sells your data but minding a big company does?
  • 0
    @Codex404 you clearly misunderstood what I wrote
  • 0
    @bytecode feel free to explain
Add Comment