Difference between revisions of "General Data Protection Regulation"
From GnuCash
m (→Intro: rewordening) |
(→Data Audit) |
||
Line 6: | Line 6: | ||
While there is some fear about it because of penalties up to <code>max (20 Mio. EUR; 4% of annual global revenue)</code>, others see chances for FOSS: | While there is some fear about it because of penalties up to <code>max (20 Mio. EUR; 4% of annual global revenue)</code>, others see chances for FOSS: | ||
:Marc Jones: FOSS and the GDPR - Overview of key changes to EU privacy law that FOSS can use to promote individual's privacy and autonomy ([https://archive.fosdem.org/2017/schedule/event/foss_and_the_gdpr/attachments/slides/1641/export/events/attachments/foss_and_the_gdpr/slides/1641/gdpr_foss.pdf slides], [https://www.youtube.com/watch?v=Jl5t-wdiRmk video]) at [https://fosdem.org/ FOSDEM] 2017. | :Marc Jones: FOSS and the GDPR - Overview of key changes to EU privacy law that FOSS can use to promote individual's privacy and autonomy ([https://archive.fosdem.org/2017/schedule/event/foss_and_the_gdpr/attachments/slides/1641/export/events/attachments/foss_and_the_gdpr/slides/1641/gdpr_foss.pdf slides], [https://www.youtube.com/watch?v=Jl5t-wdiRmk video]) at [https://fosdem.org/ FOSDEM] 2017. | ||
+ | === ePrivacy aka Cookie Law === | ||
+ | It is the sibbling of GDPR. Its final main target are tools like ''Google Analytics''. And it needs a review on www.gnucash.org as that stores at least a language cookie. | ||
+ | |||
+ | == Organisation-wide Data Audit == | ||
+ | Identify | ||
+ | * what data you have, | ||
+ | * where it is and | ||
+ | * how it is being used. | ||
+ | |||
+ | * Distinguish between personal and non-personal data, | ||
+ | * identify its use, | ||
+ | * the processes applied to it and | ||
+ | * the legal considerations. | ||
+ | |||
+ | Final takeaways to become GDPR-compliant: | ||
+ | * Request for consent and purpose of data collected must be intelligible – for sensitive personal data, users will have to “opt in” rather than “opt out” | ||
+ | * Individuals must have the right to access their data: | ||
+ | * Individuals must have the right to withdraw consent and prevent further dissemination of data: | ||
+ | * Those concerned must be notified if there is a security breach. |
Revision as of 17:37, 23 May 2018
In May 2018 EUs General Data Protection Regulation (GDPR) finally replaced Directive 95/46/EC.
You can read or download the official document in all EU languages and several formats as EUR-Lex Document 32016R0679.
Intro
While there is some fear about it because of penalties up to max (20 Mio. EUR; 4% of annual global revenue)
, others see chances for FOSS:
- Marc Jones: FOSS and the GDPR - Overview of key changes to EU privacy law that FOSS can use to promote individual's privacy and autonomy (slides, video) at FOSDEM 2017.
ePrivacy aka Cookie Law
It is the sibbling of GDPR. Its final main target are tools like Google Analytics. And it needs a review on www.gnucash.org as that stores at least a language cookie.
Organisation-wide Data Audit
Identify
- what data you have,
- where it is and
- how it is being used.
- Distinguish between personal and non-personal data,
- identify its use,
- the processes applied to it and
- the legal considerations.
Final takeaways to become GDPR-compliant:
- Request for consent and purpose of data collected must be intelligible – for sensitive personal data, users will have to “opt in” rather than “opt out”
- Individuals must have the right to access their data:
- Individuals must have the right to withdraw consent and prevent further dissemination of data:
- Those concerned must be notified if there is a security breach.