Highest Voted 'gdpr' Questions - IT Security Stack Exchange

3

votes

2 answers

Should passwords and challenge questions & answers be migrated?

I am currently working on the migration of a user Identity and Access Management tool from a legacy platform (product + solution) to a new one (same product but upgraded + updated solution) My team was challenged with the following…

asked Mar 08 '18 at 16:26

Hugo Tavares

31
2

2

votes

3 answers

Google Drive and GDPR

I can't seem to find much information on this online, and forgive me if this is obvious to other folks in the info-sec community but would storing documents such as CVs of applicants, letters written for an employee by HR etc. on a shared/Google…

google data-leakage gdpr google-apps

asked May 16 '19 at 07:30

Anon

21
2

2

votes

1 answer

Receiving Junk Email that is related to Skype conversations

My Microsoft email address and account are linked to Skype, OneDrive and Windows 10 (products I use by Microsoft). This account is not linked to my phone (Android). I don't use this account for Email (I use Gmail for email). Absolutely sure I don't…

privacy data-leakage gdpr breach

asked Mar 08 '19 at 20:49

Nuno

215
2
7

2

votes

1 answer

Steps to make website GDPR Compliant

I am working for a high traffic website developed in codeigniter. Can someone please help how to start working to make website GDPR compliant? Till now, I was able to identify the potential cookies being used containing user personal details. What…

php gdpr

asked Jan 02 '19 at 13:23

Arun Jain

153
1
1
8

2

votes

1 answer

EU GDPR - Data protection requirement standards missing?

I'm reading about the GDPR here and there. However, I see no requirements on how data actually is to be protected like Mimimum password length requirements Second factor authentication Backup protection policies and the like. What about a data…

password-policy corporate-policy gdpr

asked Apr 26 '18 at 21:50

Marcel

3,494
1
18
35

1

vote

1 answer

Risk scenarios when hosting KEK in Google Cloud KMS HSM backended

For some time now, we have been assessing the risks from a GDPR perspective when data (data-at-rest) in the Google Cloud is fully encrypted using native means. This means that we create both the KEK and the DEK completely with Google Cloud KMS and…

hsm gdpr google-cloud-platform

asked Sep 02 '22 at 14:31

rsfeed

9
1

1

vote

0 answers

How do I make sure the information I collect on a person does not constitute personal data/PII?

I'm building an application that may involve the storage of certain information pertaining to potentially millions users of a popular social media platform for analytics purposes, making the obtaining of consent almost impractical (if not…

gdpr pii

asked Mar 15 '22 at 18:11

moonman239

121
4

1

vote

0 answers

Choosing the right salt to pseudo-anonymize data and be GDPR compliant

In my company, numeric user IDs are considered PIIs and therefore need to be pseudo-anonymized to be GDPR compliant. To do so, we populate a lookup table where to each ID is assigned a monotonically decreasing gdpr_ID. Then when users are inactive…

hash salt gdpr pii

asked Sep 17 '21 at 08:46

Vektor88

111
2

1

vote

0 answers

How do we reconcile a requirement to keep backups, with a requirement that we be able to purge data on request?

As part of SOC 2 preparation (and just general operational best-practice) we take regular PostgreSQL backups and keep them for up to a year. One of our partners has a requirement that we be able to delete any data sourced from them on request,…

privacy legal compliance backup gdpr

asked May 24 '21 at 13:03

recurser

11
1

1

vote

2 answers

publication of GDPR implementation

I'm aware of this post that GDPR apparently does not enforce a specific standard to secure sensible data. Based on this post e.g., there is no requirement to encrypt or hash login data in a local database, either. GDPR however provides the user of…

public-key-infrastructure gdpr

asked Feb 12 '21 at 14:18

Buttonwood

113
3

1

vote

2 answers

What personal data should be encrypted in a database?

I am having trouble answering what seems like a simple question. I was hoping to find a Yep/Nope style list somewhere, but can't seem to find one. What data should be encrypted in a cloud (e.g. AWS/Azure) database? I have researched ICO as well as…

encryption databases gdpr

asked Oct 09 '20 at 10:05

JsAndDotNet

165
1
1
5

1

vote

0 answers

How have you secured production data (PII) on non-prod environments?

Data protection laws including GDPR state: “Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.” GDPR stipulates data…

anonymity gdpr pii

asked Jul 02 '20 at 11:06

Architect

631
1
6
9

1

vote

1 answer

Active Directory GDPR classification

GDPR classifies data into Non-personal, Personal and Sensitive personal. Sensitive personal is further broken down to Genetic and biometric, Racial and ethnical, Religion and Philosophical etc. Coming to implement a new Active Directory I want to…

compliance active-directory gdpr

asked Sep 18 '19 at 10:45

aquaman

73
5

1

vote

1 answer

Is it ok to assume a user has opted-in to receive emails in an application where the main purpose is sending notifications

I'm working on a web application where the main purpose/functionality is notifying users when there have been changes to regulations in a particular industry. The application is subscription based, i.e. you have to pay for an account and using it is…

email gdpr

asked Aug 14 '19 at 12:18

Andy

320
1
7

1

vote

1 answer

Deeplinks in email that autologin

I'm wondering if a deep link in an e-mail that automatically authenticate even though the session is expired is GDPR compliant. For instance if I send an e-mail to a user with links to the internal website, containing content available only after…

authentication email gdpr

asked Jul 17 '19 at 14:45

Tizz

11
2

Questions tagged [gdpr]