Do you have clients / website visitors from the EU / EEC?
If so, then GDPR applies to you.
1. Do you use Google Analytics or any other website traffic tracking tool? If so, audit your data collection process to make sure that you are NOT collecting and/or processing any so-called PII (Personally Identifiable Information). Note: an IP address is considered PII under GDPR. Here are some best practices recommended by Google to avoid sending PII.
2. Turn on IP anonymization by editing the code directly, or use Google Tag Manager to make sure that IP addresses are anonymized.
- What exact information is being collected about the website visitors?
- Who is collecting it, and how?
- How long will the data be stored?
- Why is it being collected?
- By whom and how is it being processed and used?
- What will be the effect of this on the users?
- What are the potential risks?
- What rights do the visitors have regarding their data?
- How can the visitors file a complaint or a request to remove any information about themselves?
6. Follow the experts and never stop learning: https://www.youtube.com/watch?v=8UedbL4tFHc