Just some thoughts on data privacy and GDPR
For my current project Impromat which is an app for planning workshops for improvisational theatre, I have spent the last couple of weeks getting into that topic of data privacy and GDPR. In a nutshell: it's kind of complicated for such a small free time project. However, I value data privacy and I am sometimes a little bit afraid of some lawyers that specials in finding websites without data privacy notices.
Nonetheless, there are already some good resources about GDPR and also some decent generates like the Datenschutz Generator of Dr. Thomas Schwenk. The author of the website was also interviewed in a podcast which helped me with my understanding of data privacy especially in regards to GDPR (just search for it on Spotify if you are interested). Especially the generator helped me a lot with the setup, even though, I had to change some text descriptions and some contract information with my hosting provider (e.g. the Impromat backend is hosted on Contabo).
Impromat is not a commercial application and does neither track nor collect any user specific data per default (would be far to complicated for me to set up :P ). However, there is also a login functionality so that users can synchronize workshops across devices. Through a Google login users can get access to that synchronization feature and workshop data gets transferred to the Impromat backend server and shared with devices of that user. This is where data privacy really gets interesting because according to GDPR there are some regulations that the application must fulfill in this case. For example: users must be able to retrieve all there stored data and they must be able to request deletion of their data. I am very happy that Impromat is currently in such a simple state that I have a 100% knowledge about what kind of data is stored where.
After all, thinking about all those data sets that this small application processes is already very valuable to me. I still think that GDPR is a step into the right direction to protect user specific data, however, it's far to complicated for hobby or free time projects that you only spend a couple of hours per week or even month on.