**Jonathan Haslett ✅** @jonathan · Apr 18, 2018, 12:59

**Jonathan Haslett ✅** @jonathan · Apr 18, 2018, 12:59

Jonathan Haslett ✅ @jonathan

Hmm. GDPR compliance for small business websites outside the EU with no budget? Might be easiest to just block access and display a message to EU IPs Other suggestions?

**Matthew Graybosch** @starbreaker · Apr 18, 2018, 15:09

**Matthew Graybosch** @starbreaker · Apr 18, 2018, 15:09

@jonathan Here's an idea: stop collecting data. Rip out Google Analytics. Chances are you don't actually need it.

**Jonathan Haslett ✅** @jonathan · 2018-04-18T22:04:21Z

Jonathan Haslett ✅ @jonathan

@starbreaker
I was more thinking about unavoidable data collection from the process of doing business with someone like a enquiry form still needs a name and email address. An online invoicing or booking system requires more. Raw HTTP logs are always recoding IP address and UA strings, even if only for a short while.

Apr 18, 2018, 22:04 · Mastalab · 0 · 0

**Matthew Graybosch** @starbreaker · Apr 18, 2018, 22:21

**Matthew Graybosch** @starbreaker · Apr 18, 2018, 22:21

@jonathan IANAL, but you might blowing #GDPR out of proportion.

> I was more thinking about unavoidable data collection from the process of doing business with someone like a enquiry form still needs a name and email address.

This is probably a legitimate collection/use of data, but keep that shit secure, don't sell it or share it without the other person's explicit and informed consent, and delete it once the business transaction is complete. #CRMisEVIL

**Jonathan Haslett ✅** @jonathan · Apr 18, 2018, 22:54

**Jonathan Haslett ✅** @jonathan · Apr 18, 2018, 22:54

@starbreaker thank you. I think I need to start with some more reading.