
There is no GDPR compliance requirement for personal, non-commercial, side-projects. You can gather PPI on all the people in the world and use it on your own for non-commercial purposes and GDPR has nothing to say about that.


I think this is completely false. Do you have a source for that?



That doesn't say what you claimed at all, not by the longest stretch of the imagination.


I think a side-project would classify as 'in connection with a professional activity'. This recital basically covers your personal rolodex.


But if you're creating a personal side-project for commercial ends you still need GDPR compliance, right?


Yes, and "commercial" is a pretty low bar here.


In general, this is true, but only if the side-project is absolutely for one's own, private reasons. As soon as there is any economic activity, the GDPR applies, which is a very low bar that even some personal side-projects cross.


I'm so glad that if I had a revenue generating side project, I wouldn't have to worry about that horrible twisted maze of burdensome nonsense as long as I blocked EU countries. It's nice living in the US and having some modicum of autonomy left as someone on the developer side of things.


As a private developer, I agree, yet as a consumer and professional developer, I'm glad things move in this direction. And I assume the GDPR will provide a model for US regulation (just as the DMCA has influenced the European market as well).

BTW: You don't have to block them completely, just don't target them specifically (e.g. accept their credit cards).


As a consumer and professional developer, I feel no desire to wield a power to unfairly bully web services with unreasonable demands about their data pertaining to me.



