With the GDPR enforcement date of 25th May approaching, we’ve decided to make our privacy and data handling process as public and open as possible. Virtually all companies hide behind fuzzy text like “we employ industry standard practices”. They give you no idea whether your personal data is secure or who can use it.
The first thing we’ve done is create a privacy board.
As you can see from the done list, we’ve removed Google Analytics from draw.io online. We weren’t clear from the Analytics site exactly how the data collected is processed and Google is unlikely to ever present those details.
The other problem with any kind of analytics/tracking is GDPR isn’t clear whether you need explicit consent from a user before allowing this. So, even if we hosted our own analytics tools, we’re not sure if we’d need consent.
The downside for us is we lose all analytics data, but we’re believers in the GDPR and intend to comply with the spirit of the law, not simply the wording.