GDPR for Developers: Difference between revisions
Revision as of 07:01, 24 July 2019
Why should you care?
- The way you build systems can affect ease of compliance.
- You probably have more access to personal data than anyone else.
Personal data
- Anything that can be used to identify a named person (i.e. a living individual, not a corporate entity).
Legal basis for processing
- Must rely on at least one of these.
- 6 to choose from, but only 3 will be valid in most circumstances.
- Consent is not always a good choice: it can be withdrawn, for example.
- Do not confuse consent as a legal basis with informing people how their data will be processed.
Subject Access Requests and Requests to Erase
- These are requests, not demands.
- It is not always necessary to comply with either.
- Legal requirements may necessitate retention of data.
- Some data may be protected from access by the subject (e.g. health, police).
- Can charge a fee of up to £10 (£50 in some cases, e.g. health records).