I'm building a website and using Sentry for logging errors, but it's just a small project, and I'm not expecting a large user base. I'm wondering how much I need to worry about GDPR compliance. Currently, I don't collect much personal data, but Sentry does gather some information like device details, operating system, browser type, URL, and IP address—which I'm considering removing. Also, I don't have a privacy policy, and I'm not based in the EU. Is this okay, or should I have at least a privacy policy?
2 Answers
To be safe, just avoid collecting any data that's under GDPR. Check if Sentry allows you to disable IP address collection and any other potentially sensitive data—it could make things easier for you!
While I’m no lawyer, I’d recommend having a privacy policy, especially since you're collecting IPs. Device, OS, and browser info could also be classed as personal data when paired with an IP. You might want to state in your policy what you collect and why, especially if you plan to collect any extra data later on.
That's true. And make sure to mention any third-party services you use, like Sentry, in your policy too.

Here's a helpful link to Sentry’s GDPR best practices if you want to dig deeper: [https://sentry.io/trust/privacy/gdpr-best-practices/](https://sentry.io/trust/privacy/gdpr-best-practices/)
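The first answer's suggestion to stop collecting IP addresses and similar data can also be enforced in the client before an event leaves the browser. The sketch below is an added example, not code from the thread or from Sentry: `scrubEvent`, `stripUrl` and the sample event are hypothetical names, and the field names (`user.ip_address`, `request.url`, `contexts.device/os/browser`) assume Sentry's usual event payload layout, so check them against your SDK version.

```javascript
// Added example: a beforeSend-style scrubber that removes the fields named in
// the question (IP, device, OS, browser, URL details) from an event object.
// Assumption: field names follow Sentry's event payload layout.
const DROPPED_CONTEXTS = ["device", "os", "browser"];
const DROPPED_HEADERS = ["user-agent", "cookie", "x-forwarded-for"];
const DROPPED_USER_FIELDS = ["ip_address", "email", "username"];

// Constructed sample event (not real data; 203.0.113.0/24 is a documentation range).
const SAMPLE_EVENT = {
  message: "TypeError: x is undefined",
  user: { ip_address: "203.0.113.7" },
  request: { url: "https://example.test/account?email=a%40b.c#top",
             query_string: "email=a%40b.c",
             headers: { "User-Agent": "ExampleBrowser/1.0", Accept: "*/*" } },
  contexts: { browser: { name: "Firefox" }, os: { name: "Linux" }, trace: { trace_id: "abc" } },
};

function stripUrl(url) {
  // Keep origin and path for debugging; drop the query string and fragment,
  // which often carry e-mail addresses, tokens or search terms.
  try {
    const u = new URL(url);
    return u.origin + u.pathname;
  } catch {
    return url.split(/[?#]/)[0]; // relative or malformed URL
  }
}

function scrubEvent(event) {
  const out = JSON.parse(JSON.stringify(event)); // copy; never mutate the caller's object
  if (out.user) {
    for (const field of DROPPED_USER_FIELDS) delete out.user[field];
    if (Object.keys(out.user).length === 0) delete out.user;
  }
  if (out.request) {
    if (typeof out.request.url === "string") out.request.url = stripUrl(out.request.url);
    delete out.request.query_string;
    delete out.request.cookies;
    for (const name of Object.keys(out.request.headers || {})) {
      if (DROPPED_HEADERS.includes(name.toLowerCase())) delete out.request.headers[name];
    }
  }
  for (const key of DROPPED_CONTEXTS) if (out.contexts) delete out.contexts[key];
  return out;
}

// Wiring (assumes the @sentry/browser package; the DSN is a placeholder):
// Sentry.init({ dsn: "<your-dsn>", sendDefaultPii: false, beforeSend: scrubEvent });
```

Scrubbing in the client does not hide the connection's source IP from the receiving server, so whether the server stores it is a separate project-side setting to check.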