GDPR for Developers

From Rixort Wiki
Jump to navigation Jump to search

What is GDPR?

Who is affected?

Why should you care?

  • The way you build systems can affect ease of compliance.
  • You probably have more access to personal data than anyone else.

Personal data

  • Anything that can be used to identify a natural person (i.e. living and not a corporate entity).

Processor vs controller

Legal basis for processing

  • Must rely on at least one of these.
  • 6 to choose from, but only 3 will be valid in most circumstances.

Consent

  • Consent is not always a good choice - withdrawal for example.
  • Do not confuse consent as a legal basis vs informing people how their data will be processed.
  • Bad example: ecommerce transaction.
  • Good example: mailing list.

Subject Access Requests and Requests to Erase

  • These are requests not demands.
  • Not always necessary to comply with either.
  • Legal requirements may necessitate retention of data.
  • Some data may be protected from access by the subject (e.g. health, national security).
  • Can charge a fee of up to £10 (£50 in some cases, e.g. health records).

Links