
Ask HN: What are the implications of the EU's GDPR on small startups? - ahreftag
I've been reading about the European Union's General Data Privacy Regulation (GDPR) and one of the things that astonished me is the amount of regulatory red tape that it adds to small startups or side projects that have European customers.
Given that, I have started to feel that if enforced, the GDPR could probably turn starting out a one-person side project or a startup that collects EU-based users' personal info into a total nightmare.

While I am not a lawyer, it would be great to know what the broader community thinks about it.
======
nynno
It doesn't have to be a nightmare. GDPR is so big that it has real chances to
shape the way we all think when dealing with personal data, both online
and offline. It's a process that will probably take years. During that
process, there will undoubtedly emerge a bunch of solutions for different
problems caused by GDPR which will lead to a new set of standards and
behavior/business patterns.

The main problem now is the lack of practice - almost everyone is talking
about what GDPR is and what should be done... there is an apparent lack of advice
coming from real-world practice... yet. And this will also change in time.

My opinion is that we all need to be clear about one thing: "why do I need the
(personal) data and what will I do with it." Privacy by design. No more "I'll
save everything, just in case." If you can determine what minimal set of
personal data you need to collect and why you need that data, you should be
fine. It's entirely possible that processing you're about to perform on
received personal data can be a legitimate interest. Or contractual. Consent
is not necessary for every situation.

Different technical and best practice solutions will emerge, some of them will
be open-source (like our
[https://github.com/gdprhq/GdprHq.Io.ClientSdk](https://github.com/gdprhq/GdprHq.Io.ClientSdk)),
some of them will be SaaS solutions (like
[https://www.gdprhq.io/](https://www.gdprhq.io/)). Nowadays it's natural to
use, for example, MailChimp for sending email campaigns or using Stripe for
payments; I believe that a similar situation will arise with GDPR: solutions for
cookie consent, privacy policy, data subject requests, consents, ...

