Comment by p_l
4 years ago
There's not much to change there to actually make it "more GDPR-like". It already does what GDPR wants to cause, i.e. you don't gather Personal Data, with the only exception being the email, and given that it's not operating as an organisation it's probably in the clear.
Maaaaaybeee you might want to strip last octet in IP number from logs, but that's pretty much it.
Complex GDPR policies are only necessary when you want to store and process Personal Data.
> Maaaaaybeee you might want to strip last octet in IP number from logs, but that's pretty much it.
It’s hosted on Netlify, so I don’t even have logs. :-)
Then you point to netlify as responsible party and I guess you might be done ;)
GDPR compliance is overblown, when the simplest way to be compliant is to "just don't store nor process personal data"