Legal aspects of websites, privacy policies, cookies, etc

So far, something that no course or book has prepared me for and something that I’m asked to do at my job as a developer is to create privacy policies, cookie policies and for example now, to read about the new GDPR standards. It all goes over my head. I feel like I’m doing stuff that a lawyer should be doing. If I manage 7 or 8 websites all this stuff is just worrying. How do you guys approach this? Is this something I should be doing?

Yes, you should, but it isn’t hugely complex, a lot of it is just common sense, and being explicit about requesting consent (rather than having implicit consent), just making sure you know what you’re doing with data and covering your ass. If you collect someone’s personally identifiable data, you need to have that person’s consent. If you collect that data, you really need to know where it is, and you need to take measures to ensure it’s secure. And if you are sharing that data with another party, they need to know that you are doing that (and they must agree to you doing so). They can request that you provide them with all data you hold on them, and they can request that you delete that data, so you need to have a handle on where that data is and who has it.

There are a load of privacy policy templates out there. Basically cover this checklist: https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/your-privacy-notice-checklist/. And in a lot of situations, it’s as simple as having a link to a privacy policy on a signup page, with a checkbox saying they’ve agreed to the policy.

I understand, we do have a privacy policy on every website but it’s usually a copy/paste from another website. I think a legal document should be made by a lawyer, that’s all, but you cannot ask the owner of a small website to hire a lawyer for that, they just contact the developer. I get it, it still feels like doing something that’s not in my field of expertise at all and that has to do with actual law.

As I say, mainly just common sense, so best bet: read the privacy policy and make sure the copy/paste doesn’t include stuff that doesn’t apply. In an ideal world it might be best to have a lawyer write every one, but 99% of policies would be basically the same and 99% of sites wouldn’t really be able to afford one.

Thanks for the help Dan : )