GDPR for Developers

From Rixort Wiki
Revision as of 14:00, 11 November 2019

What is GDPR?

Who is affected?

Why should you care?

  • The way you build systems can affect ease of compliance.
  • You probably have more access to personal data than anyone else.

Personal data

  • Anything that can be used to identify a natural person (i.e. living and not a corporate entity).

Legal basis for processing

  • Must rely on at least one of these.
  • 6 to choose from, but only 3 will be valid in most circumstances.

Consent

  • Consent is not always a good choice, for example because it can be withdrawn at any time.
  • Do not confuse consent as a legal basis with informing people how their data will be processed.
  • Bad example: e-commerce transaction.
  • Good example: mailing list.

Subject Access Requests and Requests to Erase

  • These are requests, not demands.
  • Not always necessary to comply with either.
  • Legal requirements may necessitate retention of data.
  • Some data may be protected from access by the subject (e.g. health, national security).
  • Can charge a fee of up to £10 (£50 in some cases, e.g. health records).

Links

  • Sites using Facebook ‘Like’ button liable for data, EU court rules: https://www.euractiv.com/section/digital/news/sites-using-facebook-like-button-liable-for-data-eu-court-rules/

Category: Talks