You don’t need a DPO if you’re a one man company, or your revenue is under a certain amount of which I can’t remember, because it hasn’t been relevant at our 10.000 employee municipality.
You’re allowed to track ips in your log, if there is a reason for it and you only keep them for a reasonable amount of time.
You do need to gather consent for push messages. But you can do so by simply asking your users, and frankly, you should always ask your users before you spam them, but it’s obviously going to be a little work to implement.
This is an overreaction, especially because no one knows how the GDPR plays out until it’s been tested in the courts.
You’re allowed to track ips in your log, if there is a reason for it and you only keep them for a reasonable amount of time.
You do need to gather consent for push messages. But you can do so by simply asking your users, and frankly, you should always ask your users before you spam them, but it’s obviously going to be a little work to implement.
This is an overreaction, especially because no one knows how the GDPR plays out until it’s been tested in the courts.