
Ask HN: What exactly does a small startup need to comply with GDPR? - iwanteumoney
Let's say I have a website that doesn't sell any personal data to third parties, but uses email for registration purposes, stores some user-generated content to show, and analyses conversion rate with Google Analytics. What exactly do I need to comply with GDPR?
======
ocdtrekkie
My first statement would be: Yesterday was too late to ask this question, GDPR
was passed two years ago.

The most important bit is to have a contact email for privacy issues, where
people can request their data, request deletion of their data, etc. You don't
need an automated system if you aren't getting a volume of requests you can't
handle.

And the other big thing is you need to clearly disclose your vendors. If you
host on a cloud service, use a payment processor, etc, you are sending private
data to those companies, so you need to point to their privacy statements as
well.

If you're US-based, look at Privacy Shield. If all of the data processors you
use are also Privacy Shield compliant, getting certified yourself is pretty easy.

