
Does GDPR require cookie consent?

If you are still wondering whether you need cookie consent to become a GDPR-compliant website, the answer is a BIG YES.

Cookies & GDPR are directly related to each other. Under GDPR, website owners should collect the personal data of individuals in a legal way. The best way is for the website to notify visitors of the proper usage of cookies and get consent from them to collect their data.

But how could you do this whole process? You could use Cookie Consent Platforms to implement this.

Axeptio is the best solution to collect consent from website visitors. Get it just for $59/One-time payment at SaaS Mantra now.

https://saasmantra.com/deals/axeptio

posted to SaaS Journeys on April 15, 2021
  1. 1

    No, but you may decide that is how you communicate your activities and responsibility.

    I've worked on this problem professionally as a consultant for various organisations; the real questions are about how you are meeting the requirements and that you have obtained very granular time/purpose consent from data owners (the customer).

    So think about:

    • Right of Rectification (modification of their data)
    • Right of erasure (you must purge all data and backups about the user)
    • Right to object (any aspect no matter how small, the user may ask you to keep their data but not for specific things, and you have to comply)
    • Right of portability (all data you hold about a customer should be accessible to them in a meaningful way to them to read and use in other ways)

    Lastly, understanding that you are the data custodian, not the data owner. Meaning you are to treat any data 'linked' to an individual as sensitive data, not just email addresses, and things traditionally seen as 'sensitive'. You are the custodian of sensitive user owned data for any data fields that are linked to an individual in any way at all. So a primary key for a database row uniquely identifies the user, and every data field in that row is sensitive. If you create aggregate data, maybe how many logins, then have an ability to uniquely identify who that number of logins belongs to - it too is customer owned data because they are the subject of the data you generated about their activities you processed.

    So once you have a grasp of the data, you need 'reasonable' consent to do all of the data processing. Reasonable means the data owner is aware of what you are capturing, why you are (what the benefit to them is), and when you will need to retain the data (infinite is not reasonable).

    Then you may have consent, and it may be done via a cookie if you choose.
