Popular posts

The GDPR is the new privacy laws in the EU. Basically it says:

• you have to inform the user what you're doing with it's data
• you have to remove the user data if the users wishes it
• you have to protect the user data and be able to prove to do it
• you have to give the user ALL the data related to the user if it wishes so
• you are only allowed to keep immanent business related data about the user and all the data not needed anymore after the transaction has to be deleted as well.
• you have to log the changes and access to the user data TOM (technical/organizatoric measures) .

They are offline as well as online. So it's not only about the data you got in the database but also you are not allowed to leave person-related information on the conference tables.

It' basically a hardcore regulation because the big companies proven again and again that they are not to be trusted. So the EU upped the stakes and made it pricey for companies to be reckless.

The main point of critique could be smaller companies and the overhead that is happening there.... does this help? or do you want the links to the laws?

oh and this goes for IPs as well since they are person related data -> so all your access logs now are not allowed to store them anymore.

one trick is asymetric salted hashes for IPs or data that you need to keep so you cannot reconstruct that data but you can say 'hey this user has been here already n times' (flood protections for example)