I am from Austria, Europe. I am hosting my application on Heroku in Europe. Because of the new General Data Protection Regulation (GDPR) in Europe I am wondering if I need to take care of something new.

I am storing the following data of users:

Name, surname, room number of a stay in a hotel, allergies and preferences.

I hope Stack Overflow is the right place to also ask this type of question.

Thanks a lot for the effort.

  • We implemented GDPR in my company, of course with a team of lawyers. I can tell you that GDPR has a set of rules. Also, inside the GDPR there is a special section pertaining to health data, which must be treated separately. Your allergy data looks like a candidate. – Amiga500 May 22 '18 at 12:47
  • https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/ – Channa Sep 05 '20 at 17:29

1 Answer

Yes, you need to take extra steps.

You must clearly explain several aspects of the compliance in your Privacy Policy, e.g.:

  • What personal information you collect
  • Why you collect that information and for what purpose
  • How users can update that information
  • How users can remove that information
  • If and how you transfer that information outside of the EU

and probably many more.

You can go through the Privacy Policy documents of companies that are already GDPR compliant to get a brief overview of what is required. Atlassian is a good example: https://www.atlassian.com/legal/privacy-policy-may-25th

There are also resources available that explain in more detail the steps that you need to take, e.g., https://info.fastspring.com/gpdr_compliance

It is not an easy task to ensure GDPR compliance, so my advice is to find an expert who can help you in that matter.

Cheers, Jacek

Paul Simpson
Jacek
  • Hello Jacek, thank you very much for your answer. It helps me a lot. As you suggest it is probably the best option to contact an expert. –  May 04 '18 at 16:25
  • Happy to help. I had the same problem with my service and after the research about GDPR requirements, I decided to hire an expert through UpWork. – Jacek May 05 '18 at 21:42