
Ask HN: Are there any useful GDPR references? - kingofspain
I’m in the early stages of building a SaaS in the UK but finding it quite tricky to find any useful actionable information on dealing with the GDPR. The official stuff is a bit vague & at least to me, difficult to translate to my use case - and any search is plagued with consultancy-spam or blog spam rehashes of what must have been a single useless source from antiquity. Closest I could find to what I’m looking for is https://www.hallaminternet.com/how-to-make-your-website-gdpr-compliant/

Has anyone found any other good guides? Ideally as they’d relate to SaaS but anything similar that could translate is good too.
======
idoh
Can you give some examples of what you are worried about? I’m a PM working on
GDPR issues for the SaaS company I work for, maybe I can give some pointers,
but I need more details.

In the dark, common issues are around consent of collection of personal data
(including cookies) and Right of erasure. Anyway, I’ve found the actual text
of the GDPR to be the best resource to be honest.

------
thexa4
I used
[https://en.wikipedia.org/wiki/General_Data_Protection_Regulation](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation)
and
[https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-3-consent/](https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-3-consent/)

Easiest way to comply is not storing any identifiable data unless absolutely
necessary for your service.

You can still collect anonymous statistics if you apply techniques like
k-anonymity to make sure you can't deanonymize it.
([https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-8-pseudonymization/](https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-8-pseudonymization/))

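The k-anonymity idea in the comment above, as an added worked example that is not part of the thread or any linked article: rows are grouped on their quasi-identifiers (here age and postcode, a constructed sample dataset), generalized until each group holds at least k rows, and any group that still falls short is suppressed rather than released. The field names, generalization rules and the 10-year/postcode-area buckets are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data (not from the thread). Direct identifiers such as
# e-mail are already dropped; "age" and "postcode" are quasi-identifiers that
# still combine to single out a person, "plan" is the value we want to count.
RAW_RECORDS = [
    {"age": 23, "postcode": "SW1A 1AA", "plan": "free"},
    {"age": 27, "postcode": "SW1A 2BB", "plan": "free"},
    {"age": 29, "postcode": "SW1P 3CC", "plan": "pro"},
    {"age": 34, "postcode": "EC2A 4DD", "plan": "pro"},
    {"age": 36, "postcode": "EC2A 5EE", "plan": "free"},
    {"age": 38, "postcode": "EC2V 6FF", "plan": "pro"},
    {"age": 61, "postcode": "N1 7GG", "plan": "enterprise"},  # alone in its bucket
]

QUASI_IDENTIFIERS = ("age", "postcode")  # assumed quasi-identifier columns


def generalize(record):
    """Coarsen the quasi-identifiers: age to a 10-year band, postcode to the
    leading letters of its area (SW1A -> SW). Other fields pass through."""
    decade = record["age"] // 10 * 10
    area = re.match(r"[A-Z]+", record["postcode"]).group(0)
    return {**record, "age": f"{decade}-{decade + 9}", "postcode": area}


def equivalence_classes(records, quasi_ids=QUASI_IDENTIFIERS):
    """Group records that are indistinguishable on the quasi-identifiers."""
    groups = defaultdict(list)
    for r in records:
        groups[tuple(r[q] for q in quasi_ids)].append(r)
    return groups


def k_of(records, quasi_ids=QUASI_IDENTIFIERS):
    """The k the dataset actually satisfies: the size of its smallest class.
    k == 1 means at least one row is unique on the quasi-identifiers."""
    groups = equivalence_classes(records, quasi_ids)
    return min((len(g) for g in groups.values()), default=0)


def anonymize(records, k, quasi_ids=QUASI_IDENTIFIERS):
    """Generalize every record, then suppress (drop) any class that is still
    smaller than k. Returns (released_rows, suppressed_rows)."""
    groups = equivalence_classes([generalize(r) for r in records], quasi_ids)
    released, suppressed = [], []
    for group in groups.values():
        (released if len(group) >= k else suppressed).extend(group)
    return released, suppressed


def plan_counts(records):
    """The statistic we wanted in the first place, computed on released rows."""
    return Counter(r["plan"] for r in records)


if __name__ == "__main__":
    print("raw k:", k_of(RAW_RECORDS))
    released, suppressed = anonymize(RAW_RECORDS, k=3)
    print("released k:", k_of(released), "suppressed rows:", len(suppressed))
    print(plan_counts(released))
```

Run as-is, the raw rows satisfy only k=1 (every row is unique on age plus postcode); after generalization the two London clusters each contain three rows and the lone 61-year-old is suppressed, so the released data satisfies k=3 and still yields the plan counts. Two caveats a practitioner should keep in mind: the quasi-identifier list has to include every column an outsider could plausibly link to (sign-up date and user agent are common omissions), and k-anonymity alone does not stop inference when every row in a class shares the same sensitive value, so check the distribution of the sensitive field within each class before release.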
------
jimnotgym
I have been curating resources for this for a while. I'm hoping to get at
least some of them online this weekend. I have already noticed that there are
some opinions coming out which are more prescriptive than the actual GDPR
text. A lot of it is FUD from IT service providers. I'm hoping to focus on
interpretation, grey areas and materials for non-power-users rather than
replicate the source material below

The three best resources for a high level user I have found are (in no
particular order)

1) Wikipedia as others have said

2) ico.org.uk

3) The GDPR itself

Best tip I can offer is that if your business is not the personal data itself,
simply acting in good faith is going to get you 95% of the way to compliance

------
dodgyb
A good reference is the Information Commissioner's Office. They are charged
with enforcing the regulation:

[https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/](https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/)

For a summary of concerns that may be pertinent to your use case - General
Data Protection Regulation (GDPR) for Identity Architects:

[https://medium.facilelogin.com/gdpr-for-identity-architects-1a6423759d30](https://medium.facilelogin.com/gdpr-for-identity-architects-1a6423759d30)

------
mtmail
[https://postmarkapp.com/blog/gdpr-get-ready](https://postmarkapp.com/blog/gdpr-get-ready)

