GDPR for Developers: Difference between revisions

From Rixort Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 10: Line 10:
== Personal data ==
== Personal data ==


* Anything that can be used to identify a named person (i.e. living and not a corporate entity).
* Anything that can be used to identify a natural person (i.e. living and not a corporate entity).
 
== Processor vs controller ==


== Legal basis for processing ==
== Legal basis for processing ==
Line 20: Line 22:


* Consent is not always a good choice - withdrawal for example.
* Consent is not always a good choice - withdrawal for example.
* eCommerce transaction example.
* Do not confuse consent as a legal basis vs informing people how their data will be processed.
* Do not confuse consent as a legal basis vs informing people how their data will be processed.
* Bad example: ecommerce transaction.
* Good example: mailing list.


== Subject Access Requests and Requests to Erase ==
== Subject Access Requests and Requests to Erase ==
Line 28: Line 31:
* Not always necessary to comply with either.
* Not always necessary to comply with either.
* Legal requirements may necessitate retention of data.
* Legal requirements may necessitate retention of data.
* Some data may be protected from access by the subject (e.g. health, police).
* Some data may be protected from access by the subject (e.g. health, national security).
* Can charge a fee of up to £10 (£50 in some cases, e.g. health records).
* Can charge a fee of up to £10 (£50 in some cases, e.g. health records).



Latest revision as of 10:41, 10 September 2020

What is GDPR?

Who is affected?

Why should you care?

  • The way you build systems can affect ease of compliance.
  • You probably have more access to personal data than anyone else.

Personal data

  • Anything that can be used to identify a natural person (i.e. living and not a corporate entity).

Processor vs controller

Legal basis for processing

  • Must rely on at least one of these.
  • 6 to choose from, but only 3 will be valid in most circumstances.

Consent

  • Consent is not always a good choice - withdrawal for example.
  • Do not confuse consent as a legal basis vs informing people how their data will be processed.
  • Bad example: ecommerce transaction.
  • Good example: mailing list.

Subject Access Requests and Requests to Erase

  • These are requests not demands.
  • Not always necessary to comply with either.
  • Legal requirements may necessitate retention of data.
  • Some data may be protected from access by the subject (e.g. health, national security).
  • Can charge a fee of up to £10 (£50 in some cases, e.g. health records).

Links