
Ask HN: How do I make sure my website is GDPR compliant? - jbuttwerworth
Hey folks,

I have a side project (a web app) which requires login via Facebook and Google to work. I intend to release it publicly but before that I want to make sure I'm GDPR compliant.

The web app stores minimal info for the user such as the email (encrypted) and their first name (the data is provided from the social networks I mentioned above).

I looked online for help on how to make sure a web app is GDPR compliant but it's confusing. Is there someone here with actual experience on this who can provide some guidance? Is there an official guide in layman's terms on how to do that?

Thanks
======
Nextgrid
Sounds like you're already compliant. Storing metadata about a registered user
is perfectly acceptable under the GDPR for functional & legitimate interest
purposes. I would recommend adding a way for a user to delete their account,
unless the third-party login provider gives you web hooks on when OAuth
consent is revoked in which case you can use that as the signal to delete all
PII stored locally.

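The "use the revocation webhook as the deletion signal" idea from the comment above, as an added example that is not from the thread or any provider's SDK. It assumes a signed-request style callback (HMAC-SHA256 over a base64url payload carrying a `user_id`), a constructed in-memory user store and a placeholder app secret; the verify step exists so a forged callback cannot delete someone else's account.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed in-memory store: (provider, provider user id) -> locally held PII.
USERS = {
    ("facebook", "10001"): {"email_enc": "gAAAAB...", "first_name": "Ada"},
    ("facebook", "10002"): {"email_enc": "gAAAAC...", "first_name": "Alan"},
}

APP_SECRET = b"constructed-app-secret"  # placeholder, not a real secret


def _b64url_decode(s: str) -> bytes:
    # Providers usually strip '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def verify_signed_request(signed_request: str, secret: bytes) -> Optional[dict]:
    """Return the decoded payload if the HMAC-SHA256 signature is valid, else None."""
    try:
        sig_b64, payload_b64 = signed_request.split(".", 1)
        expected = hmac.new(secret, payload_b64.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64url_decode(sig_b64), expected):
            return None  # forged or tampered: never act on it
        return json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers bad base64 and bad JSON
        return None


def handle_deauthorize(provider: str, signed_request: str, secret: bytes = APP_SECRET) -> bool:
    """Delete all locally stored PII for the user who revoked consent.

    Returns True if a record was deleted, False on bad signature or unknown user.
    """
    payload = verify_signed_request(signed_request, secret)
    if payload is None or "user_id" not in payload:
        return False
    return USERS.pop((provider, str(payload["user_id"])), None) is not None


def make_signed_request(payload: dict, secret: bytes) -> str:
    """Build a callback the way the provider would (used only to construct inputs)."""
    payload_b64 = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
    sig = hmac.new(secret, payload_b64.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(sig).rstrip(b"=").decode() + "." + payload_b64
```

In a real deployment the same deletion routine should also back the self-service "delete my account" button, so both paths remove exactly the same data.
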
------
runningmike
GDPR compliance does not exist and is a long-living fad sold by consultancy
companies. To make sure you align with GDPR regulations: just do not store
personal data of customers. Never. Most important things to know:
[https://nocomplexity.com/gdpr-principles/](https://nocomplexity.com/gdpr-principles/)

