GDPR
General Data Protection Regulation
The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). It also extends the protection of personal data and data protection rights by giving control back to EU residents. GDPR replaces the 1995 EU Data Protection Directive and comes into force on May 25, 2018. It also supersedes the 1998 UK Data Protection Act.
- Void forgetUser(UUID userId)
- Useful for integration tests
- Allow nullable foreign keys
- Anonymize user (leave only ID)
- Cascade delete
- CRMs, payment gateways, etc.
- Return 404 for indexable pages
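The bullets above sketch the erasure method. The following Python example (added here; it is not code from the slides) works the sketch through on an in-memory SQLite database: a `forget_user` that either anonymizes the user row (keeping only the ID) or deletes it, with sessions cascade-deleted and orders kept via a nullable foreign key, plus a hook for telling 3rd-party systems. The schema, the sample user and the `ThirdPartyNotifier` callback are all constructed for the example.

```python
import sqlite3
import uuid
from typing import Callable, Dict, List

# Constructed schema for the example: users carry the PII, sessions are deleted
# with the user (cascade), and orders keep a nullable user_id so the business
# record survives erasure of the person it belonged to.
SCHEMA = """
CREATE TABLE users (
    id      TEXT PRIMARY KEY,
    email   TEXT,
    name    TEXT,
    address TEXT,
    erased  INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE sessions (
    token   TEXT PRIMARY KEY,
    user_id TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE
);
CREATE TABLE orders (
    id          TEXT PRIMARY KEY,
    user_id     TEXT REFERENCES users(id) ON DELETE SET NULL,
    total_cents INTEGER NOT NULL
);
"""

# A notifier stands in for a 3rd-party system (CRM, payment gateway) that must
# forget the user as well; it is a hypothetical callback, not a real API.
ThirdPartyNotifier = Callable[[str], None]


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores ON DELETE rules otherwise
    conn.executescript(SCHEMA)
    return conn


def seed(conn: sqlite3.Connection) -> str:
    """Insert one constructed user with a session and an order; return the user id."""
    user_id = str(uuid.uuid4())
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?, 0)",
                 (user_id, "alice@example.test", "Alice Example", "1 Example Street"))
    conn.execute("INSERT INTO sessions VALUES (?, ?)", ("session-1", user_id))
    conn.execute("INSERT INTO orders VALUES (?, ?, ?)", ("order-1", user_id, 1999))
    conn.commit()
    return user_id


def forget_user(conn: sqlite3.Connection, user_id: str,
                notifiers: List[ThirdPartyNotifier],
                anonymize: bool = True) -> Dict[str, int]:
    """Forget a person.

    anonymize=True  keeps the users row but blanks every PII column, so orders
                    stay linked to an id that no longer identifies anyone.
    anonymize=False deletes the row; sessions cascade away and orders.user_id
                    becomes NULL (this is why that foreign key is nullable).
    Either way the user's sessions are removed and every 3rd party is told.
    """
    if anonymize:
        users = conn.execute(
            "UPDATE users SET email = NULL, name = NULL, address = NULL, erased = 1 "
            "WHERE id = ?", (user_id,)).rowcount
        sessions = conn.execute(
            "DELETE FROM sessions WHERE user_id = ?", (user_id,)).rowcount
    else:
        sessions = conn.execute(
            "SELECT COUNT(*) FROM sessions WHERE user_id = ?", (user_id,)).fetchone()[0]
        users = conn.execute("DELETE FROM users WHERE id = ?", (user_id,)).rowcount
    conn.commit()
    for notify in notifiers:
        notify(user_id)
    return {"users": users, "sessions": sessions}


def user_row(conn: sqlite3.Connection, user_id: str):
    """Helper for checks: (email, name, erased) or None when the row is gone."""
    return conn.execute(
        "SELECT email, name, erased FROM users WHERE id = ?", (user_id,)).fetchone()


def order_owner(conn: sqlite3.Connection, order_id: str):
    """Helper for checks: the user_id an order points at (None after hard delete)."""
    return conn.execute(
        "SELECT user_id FROM orders WHERE id = ?", (order_id,)).fetchone()[0]
```

Running `forget_user` twice with the two strategies is the integration test the slide mentions: after anonymizing, the order still references the (now empty) user row; after deleting, the order survives with a NULL owner and the session is gone.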
Mark user as “restricted”
- Boolean database column
- Button on profile page “restrict processing of personal data”
- Button on admin page
Don’t show in searches, don’t send emails, don’t include in automated processing
• Mark as restricted in 3rd party systems (e.g. with a custom field)
• Don’t show on public pages / 404
• Why?
• Edge cases: user objects to erasure;
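Restriction of processing is a single boolean column that every outward-facing code path has to honour. The Python example below is added here (not from the slides) and shows the flag applied to search, mailing, automated batches and the public profile page, and mirrored to a 3rd-party system through a custom field. The `App` class, its users and the `("crm", ...)` update record are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class User:
    id: int
    email: str
    name: str
    restricted: bool = False  # the boolean "restricted" database column


@dataclass
class App:
    users: Dict[int, User] = field(default_factory=dict)
    sent_emails: List[str] = field(default_factory=list)
    # Constructed stand-in for pushing a custom field to a CRM or similar 3rd party
    third_party_updates: List[Tuple[str, int, Dict[str, bool]]] = field(default_factory=list)

    def add(self, user: User) -> None:
        self.users[user.id] = user

    def restrict_processing(self, user_id: int) -> None:
        """Called from the profile page button or the admin page button."""
        self.users[user_id].restricted = True
        self.third_party_updates.append(("crm", user_id, {"gdpr_restricted": True}))

    def search(self, query: str) -> List[int]:
        """Internal search: restricted users never appear in results."""
        q = query.lower()
        return [u.id for u in self.users.values()
                if not u.restricted and q in u.name.lower()]

    def send_newsletter(self, body: str) -> int:
        """Mailing: skips restricted users; returns how many were emailed."""
        recipients = [u for u in self.users.values() if not u.restricted]
        for u in recipients:
            self.sent_emails.append(u.email)
        return len(recipients)

    def automated_batch(self) -> List[int]:
        """Ids eligible for automated processing (scoring, recommendations)."""
        return [u.id for u in self.users.values() if not u.restricted]

    def public_profile(self, user_id: int) -> Tuple[int, Optional[Dict[str, str]]]:
        """Public page: 404 for unknown and restricted users alike, so the two
        cases cannot be told apart from outside."""
        u = self.users.get(user_id)
        if u is None or u.restricted:
            return (404, None)
        return (200, {"name": u.name})


def demo() -> App:
    """Constructed data: two users, one of whom restricts processing."""
    app = App()
    app.add(User(1, "alice@example.test", "Alice Example"))
    app.add(User(2, "bob@example.test", "Bob Example"))
    app.restrict_processing(2)
    return app
```

The point of routing every read through these methods is that a new feature (a report, an export, a recommendation job) inherits the filter instead of having to remember it.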
- Right to data portability (no vendor lock-in; in theory)
- Formats: JSON, XML, CSV or other standards
- Schema: prefer schema.org
- Could be a background process that sends email when done
- Could be a manual process (easier to get compliant)
- All personal data + all data, associated with the user (orders, messages, etc.)
- Logs? No
- Data from 3rd party systems? Yes
- they should have that functionality as well
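For the portability export, this added Python example (not code from the slides) builds a JSON document from schema.org types (Person, Order, Product, Message) covering the user's own fields plus the data associated with them, with dates serialised as ISO 8601 and application logs left out. The sample records, the container keys `orders` and `messages`, and the password hash field are constructed; the schema.org type and property names are real vocabulary.

```python
import json
from datetime import date, datetime, timezone
from typing import Any, Dict, List

# Constructed records the application holds about one user. Application logs
# are deliberately absent: logs are not part of the export.
USER = {"id": 42, "name": "Alice Example", "email": "alice@example.test",
        "password_hash": "constructed-hash-never-exported"}
ORDERS = [{"id": "order-1", "placed": date(2018, 3, 1), "total_eur": 19.99,
           "items": ["Notebook"]}]
MESSAGES = [{"id": "msg-7", "sent": datetime(2018, 4, 2, 9, 30, tzinfo=timezone.utc),
             "text": "Where is my order?"}]


def _json_default(value: Any) -> str:
    # JSON has no date type; ISO 8601 keeps the export a standard format
    if isinstance(value, (date, datetime)):
        return value.isoformat()
    raise TypeError(f"cannot serialise {value!r}")


def build_export(user: Dict, orders: List[Dict], messages: List[Dict]) -> Dict:
    """Assemble a JSON-LD document from schema.org types.

    Person, Order, Product, Message and their properties (orderNumber,
    orderDate, orderedItem, dateSent, text, ...) are schema.org vocabulary;
    the container keys "orders" and "messages" are application-specific.
    The password hash is left out: it is useless to the user and a liability
    if the exported file leaks.
    """
    return {
        "@context": "https://schema.org",
        "@type": "Person",
        "identifier": str(user["id"]),
        "name": user["name"],
        "email": user["email"],
        "orders": [{
            "@type": "Order",
            "orderNumber": o["id"],
            "orderDate": o["placed"],
            "totalPrice": o["total_eur"],
            "priceCurrency": "EUR",
            "orderedItem": [{"@type": "Product", "name": name} for name in o["items"]],
        } for o in orders],
        "messages": [{
            "@type": "Message",
            "identifier": m["id"],
            "dateSent": m["sent"],
            "text": m["text"],
        } for m in messages],
    }


def export_user_json(user: Dict, orders: List[Dict], messages: List[Dict]) -> str:
    """The file handed to the user (or mailed by a background job when done)."""
    return json.dumps(build_export(user, orders, messages),
                      default=_json_default, indent=2, ensure_ascii=False)


def roundtrip(user: Dict, orders: List[Dict], messages: List[Dict]) -> Dict:
    """Parse the exported text again, as a receiving system would."""
    return json.loads(export_user_json(user, orders, messages))
```

Data held by 3rd parties is fetched through their own export functionality and merged into the same document; that call is outside this example.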
- Right to rectification
- All personal data fields should be editable
- Could be a manual support process: “please fix my name or my email”
- Data obtained from 3rd parties
- If email/phone is included, user should be able to modify email/phone
- If not – manual process
- No more “I accept the Terms and conditions and the privacy policy”
- Unchecked checkbox for each processing purpose on registration
- Data processing business processes to be listed in a register
- User should be able to withdraw consent from the user profile page
- If data is used for machine learning, get explicit consent for that
- Store consent in a secure way
- Consents table with boolean field and timestamping
- Re-request consent for existing users via email
- Oral consent (Accept by phone call)
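The consents table described above, worked through in Python (an added example, not code from the slides): one row per decision with a boolean, a timestamp and the channel it came from, an append-only history so withdrawals never overwrite grants, a lookup for whether a given purpose may be processed, and the query that finds existing users who still have to be re-asked by email. The purpose register, the two users and the timestamps `T0`/`T1` are constructed.

```python
import sqlite3
from datetime import datetime, timezone
from typing import List

# Constructed processing-purpose register; each purpose gets its own unchecked
# checkbox on registration and its own rows in the consents table.
PURPOSES = {"newsletter", "analytics", "machine_learning"}

# Constructed timestamps used by the checks below
T0 = datetime(2018, 5, 25, tzinfo=timezone.utc)
T1 = datetime(2018, 6, 1, tzinfo=timezone.utc)

SCHEMA = """
CREATE TABLE users (
    id    INTEGER PRIMARY KEY,
    email TEXT NOT NULL
);
CREATE TABLE consents (
    user_id     INTEGER NOT NULL REFERENCES users(id),
    purpose     TEXT    NOT NULL,
    granted     INTEGER NOT NULL,  -- boolean: 1 = given, 0 = refused or withdrawn
    recorded_at TEXT    NOT NULL,  -- UTC timestamp of this decision
    source      TEXT    NOT NULL   -- 'registration', 'profile_page', 'phone_call', 'email'
);
CREATE INDEX consents_lookup ON consents (user_id, purpose, recorded_at);
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def seed(conn: sqlite3.Connection) -> None:
    """Two constructed existing users who registered before the consent flow."""
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice@example.test"), (2, "bob@example.test")])
    conn.commit()


def record_consent(conn: sqlite3.Connection, user_id: int, purpose: str,
                   granted: bool, source: str, when: datetime) -> None:
    """Append-only: grants and withdrawals are new rows, so the history of who
    agreed to what, when and how is never overwritten."""
    if purpose not in PURPOSES:
        raise ValueError(f"unknown purpose {purpose!r}; add it to the register first")
    if when.tzinfo is None:
        raise ValueError("consent timestamps must be timezone-aware")
    conn.execute("INSERT INTO consents VALUES (?, ?, ?, ?, ?)",
                 (user_id, purpose, int(granted), when.isoformat(), source))
    conn.commit()


def has_consent(conn: sqlite3.Connection, user_id: int, purpose: str) -> bool:
    """Latest decision wins; no decision at all means no consent (the checkbox
    started unchecked)."""
    row = conn.execute(
        "SELECT granted FROM consents WHERE user_id = ? AND purpose = ? "
        "ORDER BY recorded_at DESC, rowid DESC LIMIT 1", (user_id, purpose)).fetchone()
    return bool(row and row[0])


def withdraw_consent(conn: sqlite3.Connection, user_id: int, purpose: str,
                     when: datetime) -> None:
    """The 'withdraw' button on the profile page."""
    record_consent(conn, user_id, purpose, False, "profile_page", when)


def users_to_re_request(conn: sqlite3.Connection, purpose: str) -> List[int]:
    """Existing users with no decision on record for this purpose: these are the
    ones to email with a fresh consent request."""
    rows = conn.execute(
        "SELECT id FROM users WHERE id NOT IN "
        "(SELECT user_id FROM consents WHERE purpose = ?) ORDER BY id", (purpose,)).fetchall()
    return [r[0] for r in rows]
```

Oral consent fits the same table: the agent records the decision with `source="phone_call"`, and machine-learning use is a separate purpose that has to be granted explicitly.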
Data should be displayed in the regular UI of the application
Allow non-registered users to check if you have data about them
- Confirm email
- Show the processing records from the register
On registration ask for age / date of birth / (checked) checkbox “I’m older than 16”
• Ask parent for consent
- Don’t store data for longer than “necessary”
- Database column for “data retention deadline”
- Scheduled job to delete/anonymize/pseudonymize data that is past its deadline
- Deadline vs confirmation event, e.g. “goods delivered”
- Applicable to “purchase without registration”
- Theoretically applicable to registered users
- In practice: “I agree to having my address stored for the purpose of not entering it again on subsequent purchases”.
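The retention bullets above, as an added Python example (not code from the slides): a "retention deadline" field that is only set once the confirmation event ("goods delivered") happens, a scheduled job that anonymizes whatever is past its deadline, and a registered user's saved address that has no deadline while the storage consent stands and gets one the moment consent is withdrawn. The 30-day policy, the record types and the sample data are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed retention policy: guest purchase data is kept this long after the
# confirmation event ("goods delivered"), then anonymised by the scheduled job.
GUEST_RETENTION = timedelta(days=30)
DAY = timedelta(days=1)


@dataclass
class GuestOrder:
    id: str
    email: Optional[str]
    name: Optional[str]
    address: Optional[str]
    total_cents: int
    delivered_at: Optional[datetime] = None        # the confirmation event
    retention_deadline: Optional[datetime] = None  # the "data retention deadline" column


@dataclass
class SavedAddress:
    """A registered user's address, kept only while they agree to it being
    stored so they need not re-enter it on later purchases."""
    user_id: int
    address: Optional[str]
    consent_given: bool = True
    retention_deadline: Optional[datetime] = None  # None = keep while consent stands


def mark_delivered(order: GuestOrder, delivered_at: datetime) -> None:
    """Deadlines derive from the confirmation event, not from order creation,
    so an undelivered order is never purged mid-fulfilment."""
    order.delivered_at = delivered_at
    order.retention_deadline = delivered_at + GUEST_RETENTION


def withdraw_address_consent(saved: SavedAddress, when: datetime) -> None:
    saved.consent_given = False
    saved.retention_deadline = when  # eligible on the next job run


def retention_job(orders: List[GuestOrder], addresses: List[SavedAddress],
                  now: datetime) -> List[str]:
    """The scheduled job: anonymise everything past its deadline and report what
    it touched. Order ids and totals stay for accounting; PII fields are cleared.
    Running it again on the same data touches nothing (idempotent)."""
    touched: List[str] = []
    for o in orders:
        if (o.retention_deadline is not None and o.retention_deadline <= now
                and o.email is not None):
            o.email = o.name = o.address = None
            touched.append(f"guest_order:{o.id}")
    for a in addresses:
        if (a.retention_deadline is not None and a.retention_deadline <= now
                and a.address is not None):
            a.address = None
            touched.append(f"saved_address:{a.user_id}")
    return touched


def sample():
    """Constructed data: one delivered and one undelivered guest order, and a
    registered user who keeps a saved address under consent."""
    t0 = datetime(2018, 5, 25, tzinfo=timezone.utc)
    delivered = GuestOrder("g-1", "alice@example.test", "Alice", "1 Example St", 1999)
    pending = GuestOrder("g-2", "bob@example.test", "Bob", "2 Example St", 500)
    mark_delivered(delivered, t0)
    saved = SavedAddress(7, "3 Example St")
    return t0, [delivered, pending], [saved]
```

In a real system `retention_job` is the body of a cron or scheduler task and the selection is a `WHERE retention_deadline <= now AND email IS NOT NULL` query; the logic is the same.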
Best practices for protecting sensitive data
Restrict access to production data servers…
Encrypt the data in transit
Encrypt the data at rest
Encrypt your backups
Implement pseudonymisation
Protect data integrity
Log access to personal data
Register all API consumers
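Three of the practices above (pseudonymisation, logging access to personal data, registering API consumers) fit in one small Python module; this is an added example, not code from the slides. Pseudonyms are keyed hashes (HMAC-SHA256) so the key, kept apart from the data, is what stands between a leaked dataset and re-identification; the access log stores only pseudonyms; API consumers are registered by name with only a hash of their key stored. The key bytes, the `analytics_row` field set and the timestamp `NOW` are constructed.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed key for the example. In production it lives in a secrets store,
# separate from the pseudonymised data, so a leaked dataset cannot be re-linked.
PSEUDONYM_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
NOW = datetime(2018, 5, 25, tzinfo=timezone.utc)  # constructed timestamp


def pseudonymise(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash (HMAC-SHA256). The same identifier always yields the same
    token, so analytics can still count per user, but without the key nobody
    can recompute tokens from a list of candidate emails (an unkeyed SHA-256
    would allow exactly that)."""
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def analytics_row(user: Dict) -> Dict:
    """What leaves the production database for analytics or ML pipelines:
    the direct identifier replaced by its pseudonym, nothing else copied."""
    return {"user": pseudonymise(user["email"]),
            "country": user["country"],
            "order_count": user["order_count"]}


ACCESS_LOG: List[Dict] = []


def log_access(actor: str, subject_email: str, fields: List[str],
               purpose: str, when: datetime) -> Dict:
    """Record who read which personal-data fields of whom, and why. Only the
    subject's pseudonym is stored, so the log is not a second copy of the PII."""
    entry = {"at": when.isoformat(), "actor": actor,
             "subject": pseudonymise(subject_email),
             "fields": sorted(fields), "purpose": purpose}
    ACCESS_LOG.append(entry)
    return entry


def accesses_to(subject_email: str) -> List[Dict]:
    """Answer 'who looked at my data?' by pseudonymising the query the same way."""
    token = pseudonymise(subject_email)
    return [e for e in ACCESS_LOG if e["subject"] == token]


# API consumer register: every integration gets a named key; only the key's
# hash is stored, and every call can be attributed to the consumer name.
_API_CONSUMERS: Dict[str, str] = {}  # sha256(key) -> consumer name


def register_consumer(name: str) -> str:
    key = secrets.token_urlsafe(32)
    _API_CONSUMERS[hashlib.sha256(key.encode()).hexdigest()] = name
    return key  # shown once to the integrator, never stored in clear


def authenticate_consumer(presented_key: str) -> Optional[str]:
    """Look up the presented key by hash, comparing digests in constant time;
    unknown keys get None rather than a default consumer."""
    digest = hashlib.sha256(presented_key.encode()).hexdigest()
    for stored, name in _API_CONSUMERS.items():
        if hmac.compare_digest(stored, digest):
            return name
    return None
```

Encryption in transit and at rest, and encrypted backups, sit below this layer (TLS, disk or database encryption, backup tooling) and are configuration rather than application code.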
Bad practices for protecting sensitive data
- Don’t put fields on the registration/profile form that you don’t need
- Don’t use data for purposes that the user hasn’t agreed with
- Don’t assume 3rd parties are compliant (Verify that the service complies with data protection)
- Don’t log personal data (and don’t dump it into SQL, CSV or XLS files to send to others)
- Don’t dump personal data on public servers/buckets
Training for company staff
Delegate a CDO
rocka.co
juan@rocka.co