Questions tagged [gdpr]

For questions regarding the implementation of and impacts on design and operations in light of the EU General Data Protection Regulation.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

58 questions
100 votes, 7 answers

Why do some GDPR emails require me to opt-out and some to opt-in?

I've noticed a trend in emails I've received as a result of GDPR, some of them are sort of 'opt-out' (or pseudo-opt-out where you just need to stop using their service) like so: Our updated Privacy Policy explains your rights under this new law and…
AncientSwordRage
32 votes, 4 answers

Is displaying email addresses in an application log file allowed under GDPR?

I'm working on an application that is completely built upon user interaction. In my application logs, I log each interaction and print the email address to uniquely identify which user did which interaction. This application log will not be visible…
Titulum
23 votes, 3 answers

Hashing email addresses for GDPR compliance

UPDATED We have a very unique scenario: We have several old databases of user accounts. We'd like a new system to be able to connect these old accounts to new accounts on the new system, if the user wishes it. So for example, on System X you have an…
Django Reinhardt
20 votes, 3 answers

How to handle emails as usernames under GDPR?

Using emails as usernames for webapps is a convenient way to avoid the "yet another online username" problem. As such, by using this approach, the emails should be easily available in the backend to do user/pass checks. However, in the context of…
19 votes, 2 answers

Is gender considered PII (Personally Identifiable Information) under the GDPR?

Since GDPR is shaking everything up at the minute I'm working on a few changes to our website/process. I work in eCommerce in UX (UK based) and support marketing teams with certain activities. My question is, does gender of an individual count as…
sclarke
10 votes, 1 answer

GDPR Deletion Request Tracking Paradox - Suppression Lists

I work at a large-ish tech company with hundreds of websites and some large web applications with a very large number of users. I am planning to propose that we have a central system to track deletion requests to ensure if a person requests we…
ZZ9
9 votes, 1 answer

Does it make sense to encrypt database to comply with GDPR?

I had a hard time phrasing the question. I'd rather ask, "How do I comply with GDPR?" But that would probably be too broad of a question. Database encryption concerns me the most, since that's what the client wants. Let's consider some typical site:…
x-yuri
6 votes, 3 answers

If I'm PCI-DSS compliant, do I need to worry about GDPR?

Next month, the EU's General Data Protection Regulation (GDPR) takes effect. Our organization is already PCI-DSS compliant. Do we need to do anything additional to make sure we are consistent with GDPR standards? Or are all the requirements of GDPR…
John Wu
5 votes, 2 answers

Documentation for GDPR best practices for partially masking email addresses

I must give certain employees access to a report which contains email addresses. I would like to redact or partially mask these email addresses, but I am having trouble finding official guidance on how to properly mask email addresses so that they…
MeMyselfI
4 votes, 1 answer

Cryptographic requirements for GDPR

I'm looking into how to store emails and data regarding GDPR. The reasoning is that it would be beneficial to store users' emails linked to certain data (shop data about purchases and questionnaires). E.g. User u email User u purchased product…
user210772
3 votes, 3 answers

Does GDPR apply for volatile data

GDPR aims to set standards (and requirements) on how sensitive data should be stored. However, I couldn't find any information on how (or even if) GDPR applies to sensitive data in a volatile state. As an example, what if we are in the process of…
3 votes, 1 answer

Putting personal Data in E-Mail vs sending password in plaintext to access that data

I started working on a service that sends out mails with a link to a registration form (e.g. a registration for a movie premiere). The link would look like this: https://movie-premier.com/rsvp/USERCODE The problem is that for some users part of the…
confused
3 votes, 3 answers

Anonymizing IP addresses using (sha) hashes; how to circumvent rainbow table attacks?

Under GDPR, IP addresses are personal data. I have no need to trace back IP to specific users, but I would like to limit downloads to one per IP.* I do not want to store plain IPs. My first solution would be to hash the IP. I could store the…
Karel
3 votes, 1 answer

Does GDPR apply to generic service providers?

Let's say you have a general Cloud service to create PDFs from content, or even a data storage service. Neither service is meant to process PII data (in the sense of GDPR); still, as the content is not controlled by the service, you do not know what's in…
Chris
3 votes, 1 answer

Caching personal data: GDPR

There are requests in my web application that contain "personal data" (name, postal code, phone number, date of birth etc). I would like to know what caching controls are advisable. I am using HTTPS. This question Best practice for caching sensitive…