GDPR aims to set standards (and requirements) on how sensitive data should be stored. However, I couldn’t find any information on how (or even whether) GDPR applies to sensitive data in a volatile state.
As an example, what if we are in the process of collecting data about users (with their consent) in order to store it? This data goes through the machine’s RAM (as does everything else that runs on the computer), where it could potentially be intercepted by malware and therefore potentially enable the leakage of sensitive information.
Is there a section in GDPR that addresses sensitive data in a volatile form, or is it a potential loophole? (I am mainly thinking about whether the data should be encrypted while in memory.)
I recently realized that some apps were able to “link” my identity to Facebook. I checked my off facebook activity and could see some apps that I’ve never given my email.
Investigating further, I believe it boils down to a setting that’s set under Settings > Privacy > Advertising on my iPhone. There’s a way to either reset the advertising identifier or Limit Ad Tracking, which I believe prevents this completely (perhaps by generating a unique identifier each time?).
“Solving” this was obviously easy by limiting ad tracking, but I’m wondering: how come it’s not limited by default? Shouldn’t GDPR protect me from this kind of default? Shouldn’t Apple get my explicit consent for something like this? I don’t recall having given such consent…
I am the lead on IT; however, as it is a fairly small company, the managing partner holds the purse strings. If I have notified him about possible ways that we could be breached, is he legally obligated to have them tested and corrected?
What ramifications are there, if there is a breach and it comes out that we were aware of these possible vulnerabilities?
We’re adding an ‘accept cookies’ GDPR banner across the bottom of our site. Should it be the first thing that gets focus when tabbing into the page?
GDPR classifies data into Non-personal, Personal and Sensitive personal. Sensitive personal is further broken down into Genetic and biometric, Racial and ethnic, Religious and Philosophical, etc.
Coming to implement a new Active Directory I want to present my stakeholders with the different options that they have, with GDPR in mind.
Reading the Microsoft white paper, I cannot see a mapping of attributes to the GDPR classifications, or a bottom line on how to implement any of the 3 approaches.
I would ideally like to see something along these lines:
- to class as non-personal: 1. use the employee ID in userPrincipalName and sAMAccountName; 2. only use the corporate mobile phone in homePhone/otherPhone etc.; 3. use the office address in streetAddress, targetAddress etc.
- avoid these to class as sensitive: 1. biometrics (unless stored on the device, such as Windows Hello); 2. distribution lists for religious communities (e.g. prayer room, even if multi-faith)
There are of course extension attributes which will have to be considered on a case-by-case basis.
Has anyone been through this process and can share from their work?
I’m hoping to create and ask some user research surveys shortly and wanted to ask how people are treating the GDPR regulations in this area.
At a high level, I want to capture personally identifiable data (PID) to understand the demographics of the respondents. I’m aware I also need to get a signed acceptance to use their data.
I know that I’m under an obligation to remove PID both on request and when it’s not reasonably needed. Do people generally follow this and discard results, or do people tend to use the signed acceptance to override this?
Is there a way to export all user data associated with Firefox Accounts?
Yes? Where can I request/download it?
No? Isn’t the right of access a legal requirement under the current GDPR legislation?
Examples of what I’m asking:
- Google: Download your data
- Facebook: Accessing & Downloading Your Information
- GitHub: Download all of your data
- LinkedIn: Accessing Your Account Data
- Twitter: Your Twitter data
The host alsycon.nl is Fraud Netherlands Hosting Company from which I bought one server, which claimed as DDoS protected, the Host named Max…
I am aware that email is considered PII and should be used and stored under strict security guidelines as per GDPR. If we use email in any of our communications, in what cases might it not be considered PII under GDPR?