GDPR for Developers: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== What is GDPR? == | |||
== Who is affected? == | |||
== Why should you care? == | |||
* The way you build systems can affect ease of compliance. | |||
* You probably have more access to personal data than anyone else. | |||
== Personal data == | |||
* Anything that can be used to identify a natural person (i.e. living and not a corporate entity). | |||
== Processor vs controller == | |||
== Legal basis for processing == | == Legal basis for processing == | ||
* Must rely on at least one of these. | * Must rely on at least one of these. | ||
* 6 to choose from, but only 3 will be valid in most circumstances. | * 6 to choose from, but only 3 will be valid in most circumstances. | ||
== Consent == | |||
* Consent is not always a good choice - withdrawal for example. | * Consent is not always a good choice - withdrawal for example. | ||
* Do not confuse consent as a legal basis vs informing people how their data will be processed. | * Do not confuse consent as a legal basis vs informing people how their data will be processed. | ||
* Bad example: ecommerce transaction. | |||
* Good example: mailing list. | |||
== Subject Access Requests and Requests to Erase == | == Subject Access Requests and Requests to Erase == | ||
| Line 11: | Line 31: | ||
* Not always necessary to comply with either. | * Not always necessary to comply with either. | ||
* Legal requirements may necessitate retention of data. | * Legal requirements may necessitate retention of data. | ||
* Some data may be protected from access by the subject (e.g. health, | * Some data may be protected from access by the subject (e.g. health, national security). | ||
* Can charge a fee of up to £10 (£50 in some cases, e.g. health records). | * Can charge a fee of up to £10 (£50 in some cases, e.g. health records). | ||
== Links == | |||
* [https://www.euractiv.com/section/digital/news/sites-using-facebook-like-button-liable-for-data-eu-court-rules/ Sites using Facebook ‘Like’ button liable for data, EU court rules] | |||
[[Category:Talks]] | [[Category:Talks]] | ||
Latest revision as of 10:41, 10 September 2020
What is GDPR?
Who is affected?
Why should you care?
- The way you build systems can affect ease of compliance.
- You probably have more access to personal data than anyone else.
Personal data
- Anything that can be used to identify a natural person (i.e. living and not a corporate entity).
Processor vs controller
Legal basis for processing
- Must rely on at least one of these.
- 6 to choose from, but only 3 will be valid in most circumstances.
Consent
- Consent is not always a good choice - withdrawal for example.
- Do not confuse consent as a legal basis vs informing people how their data will be processed.
- Bad example: ecommerce transaction.
- Good example: mailing list.
Subject Access Requests and Requests to Erase
- These are requests not demands.
- Not always necessary to comply with either.
- Legal requirements may necessitate retention of data.
- Some data may be protected from access by the subject (e.g. health, national security).
- Can charge a fee of up to £10 (£50 in some cases, e.g. health records).