This meme is just too true. What was once in vogue is now dangerous to touch. Handled carefully and competently, though, it’s of course pure gold! Data, I mean. Not asbestos. That’s only bad.

Technical GDPR and privacy compliance, the TL;DR version

Some tips to GTFO 🏃 of the worst “privacy dumpster fires” 🔥 🚒

If you don’t collect personal data—including such ephemera as IP addresses—or store non-necessary data (“cookies” etc.) on a user’s device, then you are pretty much out of scope for GDPR…and most likely other similar laws too. Your life will be significantly easier. This fact, if anything, is what you should take home from the new privacy laws.
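To make the "don't collect it in the first place" point concrete, here is an added example (not code from the original post) of the minimization step a server-side analytics pipeline can apply to ordinary web-server access logs: every field that could identify a person (client IP, user agent, query string, exact timestamp) is discarded before anything is stored, and only per-day page-view counts per path survive. The log lines, the field names and the `ALLOWED_FIELDS` allow-list are constructed for this example.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample lines in the common "combined" access-log format.
# They deliberately contain things that should never reach an analytics store:
# a client IP, a user agent, and a query string carrying an e-mail address.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /pricing?ref=newsletter&email=a@example.com HTTP/1.1" 200 5123 "https://search.example/?q=gdpr" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /signup HTTP/1.1" 200 2211 "https://www.example.com/pricing" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [10/Oct/2023:14:02:17 +0000] "GET /pricing HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.23 - - [11/Oct/2023:09:12:44 +0000] "POST /api/login HTTP/1.1" 302 0 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The only fields a minimized record may contain. Anything else (ip, ua, ...)
# is a bug, and minimize() refuses to return it.
ALLOWED_FIELDS = frozenset({"day", "path", "referrer_host"})


def minimize(line: str):
    """Reduce one access-log line to a non-identifying page-view record.

    Returns None for lines that are not successful GET page views or that
    cannot be parsed. The returned dict never contains the client IP, the
    user agent, the query string, or a timestamp finer than the calendar day.
    """
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    if m["method"] != "GET" or m["status"] != "200":
        return None

    # Coarsen the timestamp to the day (in the log's own time zone).
    day = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").date().isoformat()

    # Keep the path only; query strings routinely carry tokens and e-mails.
    path = urlsplit(m["target"]).path

    # Keep the referrer's host only, never its full URL.
    referrer_host = None if m["referrer"] == "-" else urlsplit(m["referrer"]).hostname

    record = {"day": day, "path": path, "referrer_host": referrer_host}
    assert set(record) <= ALLOWED_FIELDS, "minimize() leaked a disallowed field"
    return record


def aggregate(lines):
    """Count page views per (day, path); the counts are all that gets stored."""
    counts = Counter()
    for line in lines:
        record = minimize(line)
        if record is not None:
            counts[(record["day"], record["path"])] += 1
    return counts


if __name__ == "__main__":
    for (day, path), n in sorted(aggregate(SAMPLE_LOG.splitlines()).items()):
        print(f"{day} {path} {n}")
```

The important design choice is that the raw log line is consumed and dropped inside `minimize()`; nothing downstream ever sees the IP or user agent, so there is no identifier to leak, pseudonymize, or honour a deletion request for. Raw access logs themselves still need a short retention period, but that is a separate, much smaller problem than an analytics database full of identifiers.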

An approach for reaching compliance

1. Data minimization should be priority number one

2. Implement privacy-focused analytics

Server-side analytics

Client-side solutions

This is Fathom on a testing domain I set up. This is really it. If you’ve seen the above you’ve seen it all! Under “Goals” you’ll see the events we are tracking, for which you can also add an optional conversion value.
Simple Analytics on a testing domain.
Simple Analytics does also give you a separate, basic overview of events that you are tracking (“click_button” in this case).

Recommended paths for compliant analytics, in ranked order

Custom solutions

3. Implement a Consent Management Platform if needed

Custom solutions

4. Write/generate and publish your privacy (and cookie) policies

Custom solutions

Ending notes

Mikael Vesavuori

Cloud Software Architect (and Technical Standards Lead) at Polestar