Almost 2 years after and the GDPR is still pulling Admins hair.
I wish to address the issue of small or large sites that only conduct business in their own city, province/state or country and no where else.
Too, there are those business-card types of web sites, with one page, a page being about twice the height of the screen, not like a endless roll of toilet paper! Why should they even consider GDPR in their Privacy Policy? I think adding GDPR, and the country of *Califorina's CCPA, and 120 other countries such as Brazil's' LGPD is necessary if they want to continue playing Google's Popularity Ranking Contest. Is a Privacy Policy with GDPR and ilk kowtowing to the many country privacy regulations, and so on not also part of the requirements by Google and not having any privacy policy bumps the site lower on the ranks? Penalty points!
The people I work with and the websites they redesign have one very short Privacy Policy that is close to "We don't collect, view, store any data about your visit here." That is to say that there is a Privacy Policy to appease Google.
Generally speaking, most web sites, whether the Admin knows it or not, is 1Stalking visitors from site to site, The sites Inject more Stalkers. Sites are Monitoring what the visitor sees, types, mouse movements, from what location, using what devices, and for how long. The person's visits are Recorded including where they came from and where they go next. With this information, the attempt is used to Control the visitor as they travel about the Internet, showing the visitor what their profile dictates based on previous travels.
It has become Stalk, Monitor, Inject, Record, Control (SMIRC for short).
The GRPR, CCAC, LGPD... ad nauseum, do not protect the visitor from Google and it's millions of minions buried in websites. At least, not in North America. Yet. But a made-for-privacy policy should be hitting and penalizing those companies that SMIRC and pimp the visitors profile to any -thing- with the money. No one gave advertisers and marketeers a Golden Key to the Internet. They just muscled in and took it.
I appreciate the work Michael has done here, and the prices are very good too, but I don't see how the site, Mr. Richey, or I can benefit from the site telling Wordpress, cors-anywhere-herokuapp.com, promisejs, Facebook, and seven others, including Google knowing that I was here, for how long, from what location, using what deceives what I read, typed, and clicked.
GDPR, CCAC etcetera cancels Privacy? Doesn't improve it.
SUMMARY: Not everyone is subject to the GDPR, but most are subjected to either having a GDPR statement, or not and being penalized (almost shamed) by Google, and search engines too.
Just my opinion is all. It may be best to have GDPR, CCAC, ... just as offerings to Google.
~S~