GDPR for Developers

From Rixort Wiki
Revision as of 06:58, 24 July 2019 by Paul (Sọ̀rọ̀ | contribs)
Jump to navigation Jump to search

Why should you care?

  • The way you build systems can affect ease of compliance.

Legal basis for processing

  • Must rely on at least one of these.
  • 6 to choose from, but only 3 will be valid in most circumstances.
  • Consent is not always a good choice - withdrawal for example.
  • Do not confuse consent as a legal basis vs informing people how their data will be processed.

Subject Access Requests and Requests to Erase

  • These are requests not demands.
  • Not always necessary to comply with either.
  • Legal requirements may necessitate retention of data.
  • Some data may be protected from access by the subject (e.g. health, police).
  • Can charge a fee of up to £10 (£50 in some cases, e.g. health records).