security, Technology

More Info About GDPR

Today is the day, and I’m sure a lot of you have been receiving updated privacy and cookie policies from various companies. This is good news because it shows that these companies realize that the way they were abusing our personal info will get them in serious trouble.

I have even come across some websites that show a message saying, “By continuing to use our website you agree to our privacy policy and use of your personal info.”

Are you kidding me? Now thanks to the GDPR, this type of message is no longer legal. Any website you use MUST get your consent before it stores, processes, or sells your personal info.

Here are some links with more info:

https://blog.mozilla.org/internetcitizen/2018/05/23/gdpr-mozilla/

https://gdpr-info.eu/art-25-gdpr/

Development, Technology

GDPR To Take Effect on May 25th!

Next month the EU’s GDPR law will go into effect, and many companies are updating their privacy policy to prepare for the new regulations. I as a developer have to know this law thoroughly because I don’t want to violate the law and then be held liable for damages. So here are the major points I’ve learned so far:

  • Before collecting a customer’s personal data, you must obtain consent.
  • Personal data includes anything that can be used to identify a user, such as email and name.
  • In order to obtain consent, your terms of use have to be easily accessible and easy to understand. You cannot hide your terms deep in legal jargon.
  • After obtaining consent, the user must have an easy way to opt out of your use of their personal data.
  • The user must also have an easy way to download all of the info you have on them, and the ability to delete all of their data from your servers as part of their “Right to be Forgotten.”
  • Once you’ve gotten consent to use a person’s data in a certain way, you then cannot use that same data in a different way. You will have to obtain new consent in order to change the way you use their personal data.
  • Each company will have to appoint an employee to represent them in the EU. This employee will act as the contact for the EU’s DPA (Data Protection Authorities).
  • These DPAs will have the power to investigate and enforce the GDPR rules on companies operating with users’ personal data.
  • Companies that suffer a breach of their users’ personal data must immediately inform those users that their info was stolen.
  • Both the company collecting personal data and the third party that the company is selling your personal data to are legally responsible for any mistakes that are made.

Here are a few links with more info:

https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx?&wt.srch=1&wt.mc_id=AID641639_SEM_BQ6Yzc26&msclkid=d8a227b1a1ca11d25b457d7d67b04615

https://assessment.microsoft.com/gdpr-compliance

https://www.bleepingcomputer.com/news/security/more-than-half-of-android-apps-for-kids-are-violating-us-privacy-laws/

https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design

https://www.eff.org/issues/privacy

https://www.gdprhq.io/post/gdpr-hq-its-time-to-dig-in

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

https://www.pcreview.co.uk/articles/gdpr-what-it-is-and-what-it-means.199/

https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr.html

https://sdtimes.com/security/what-does-it-take-to-build-a-secure-app-by-design/