
Are you Managing GDPR yourself? - dhumph
A question for other small biz saas’s.. are you managing any changes required for GDPR yourself or are you hiring a consultant to advise?

I’m trying to judge the risks of managing the changes myself versus the costs of looking for someone to help advise. How are others managing this?

Has anyone used a consultant they would recommend?
======
ezekg
I've been managing it myself over the past couple months mainly by working on
getting my privacy policy and terms of service updated to cover GDPR, and how
that affects both EU and non-EU customers (I'm applying GDPR to all customers,
because I think privacy is important, and because it's easier to implement
when it's "across the board").

Updates include things like a detailed disclosure of all data that is
collected that could be considered PI (IPs, machine fingerprints, names,
emails, etc.), GDPR-related requests, the third parties (sub-processors) I use
to run my business, and the responsibilities of my company as a data
processor, and my customers' responsibilities as data controllers.

I've been looking over a lot of other GDPR privacy policies and terms as
inspiration, so I know what needs to be covered for my particular business, to
see how they go about structuring their contracts, etc.

That, and I have been implementing adjustments to data retention (logs,
backups, etc.), explicit consent, record deletion (luckily I never did soft
deletes), etc.

I may hire a tech lawyer to look it over after I'm done and recommend that I
make adjustments where needed.

~~~
dhumph
Thanks! I looked at your profile and checked out the pages you list - when I
click the privacy in the footer of the home page I got a 404.

https://travelalpacamybags.com/privacy

btw, love the site design!

------
cimmanom
We're getting advice from our existing legal counsel regarding how to
interpret how the law applies to our business and what the risks are for us.

Implementation and compliance with said law (including things like evaluating
each data source and destination; examining retention policies, etc) we're
doing entirely internally.

------
borlum
We (Humio.com) are a small business as well, and we hired a consultant for a few
days to help us iron out the changes we needed to do. We are happy with the
help we got and it would have taken us a lot longer to get right by ourselves.

~~~
dhumph
Great. Can you provide contact info?

