GDPR is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. As the creator or owner of a web application, it’s your responsibility to be careful with your users’ data. By default you should strive to collect as little data about your users as possible. Sjabloon helps you with a few of these things.
What comes with Sjabloon for GDPR?
Filter parameter logging
Rails’ built-in filter parameter logging replaces sensitive parameter values in the request log. Sjabloon adds a few common parameters for you (only in production).
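The sketch below is an added example, not Sjabloon's or Rails' own code: a simplified plain-Ruby model of how filter parameter logging matches keys, useful for reviewing which request parameters would still reach the log. The filter list and sample parameters are constructed assumptions, since the page does not list the parameters Sjabloon adds.

```ruby
# Plain-Ruby model of Rails' filter parameter logging (added example, not
# Rails or Sjabloon code). Real apps set Rails.application.config.filter_parameters.
FILTERED = "[FILTERED]"

# Assumed filter list: the page does not say which parameters Sjabloon adds.
SAMPLE_FILTERS = [:password, :token, :email, /\Aiban\z/i].freeze

# Constructed sample request parameters.
SAMPLE_PARAMS = {
  "user" => { "name" => "Ada", "Email" => "ada@example.test",
              "password_confirmation" => "s3cret" },
  "reset_token" => "abc123",
  "iban_country" => "NL",
  "addresses" => [{ "city" => "Utrecht", "email" => "x@example.test" }],
  "date_of_birth" => "1990-01-01"
}.freeze

# Returns a copy of params that is safe to write to the request log.
# Symbols and strings match any key containing them (case-insensitive),
# as in Rails; regexps are used as given.
def filter_params(params, filters = SAMPLE_FILTERS)
  patterns = filters.map do |f|
    f.is_a?(Regexp) ? f : Regexp.new(Regexp.escape(f.to_s), Regexp::IGNORECASE)
  end
  walk = lambda do |value|
    case value
    when Hash
      value.each_with_object({}) do |(key, inner), out|
        out[key] = patterns.any? { |p| p.match?(key.to_s) } ? FILTERED : walk.call(inner)
      end
    when Array then value.map { |item| walk.call(item) }
    else value
    end
  end
  walk.call(params)
end

# Lists the key paths whose values would still reach the log, for review.
def logged_keys(filtered, prefix = nil)
  filtered.flat_map do |key, value|
    path = [prefix, key].compact.join(".")
    if value == FILTERED then []
    elsif value.is_a?(Hash) then logged_keys(value, path)
    else [path]
    end
  end
end
```

With this sample input, `logged_keys(filter_params(SAMPLE_PARAMS))` still lists `user.name` and `date_of_birth`, the kind of personal data a default filter list does not cover.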
Ask and track user consent
Cookie notification for page analytics and other third-party services
Anonymise IP addresses for Google Analytics
Sjabloon gives you a one-click option to install multiple page analytics tools like Google Analytics, Clicky and Simple Analytics. Neither Clicky nor Simple Analytics collects IP addresses; both anonymise them by default. Google Analytics, however, does collect IP addresses, so Sjabloon sets the anonymize_ip option to true by default.
Other things to think about
No two apps are alike, and as such it’s impossible to provide full coverage for GDPR out-of-the-box with Sjabloon. Things you might need to look into, depending on your app:
- user data export option;
- full removal of user data (from your database ánd backups);
Sjabloon has done as much as possible to set a good foundation for GDPR compliance. It is, however, not a complete solution, and as such Sjabloon cannot be held responsible for any issues arising from the use of the provided code. If you are unsure about any GDPR issue, do reach out to a legal specialist.