Highest Voted 'gdpr' Questions - IT Security Stack Exchange

1

vote

1 answer

Email under GDPR

I am aware that email is considered as PII and should be used and stored under strict security guidelines as per GDPR. If we use email in any our communications and in what cases it might not be considered as PII under GDPR?

asked Jul 02 '19 at 02:24

user211383

21
2

1

vote

1 answer

Is a company decrypting all SSL traffic through a Root CA GDPR compliant?

I am wondering if a company employing EU citizens is allowed to decrypt SSL traffic of those citizens in a MITM style attack without even informing them what data is collected (without even notifying this software is being installed!). People will…

tls man-in-the-middle gdpr

asked Apr 12 '19 at 15:21

anonymous employee

11
1

1

vote

2 answers

GDPR - Personal Data breaches for invoices

A short question and scenario. Company X receives by mistake invoice of Company Y ( there is no relation between them ). Company X is reporting the case to Controller : - invoice is not mine , please send it in the right place. Y's Invoice …

gdpr breach

asked Dec 05 '18 at 13:04

GDPR_noob

11
2

1

vote

6 answers

I am receiving weird emails regarding GDPR from electronicprivacy.eu

Since a week, I am getting some French emails. Since I don't know French I used google translate to know what is this about: Email 1: Bonjour, En application de mon droits d’accès et d’informations sur les traitements de données personnelles me…

privacy email gdpr

asked Nov 08 '18 at 17:39

undefinedman

113
4

1

vote

0 answers

Method or tool to securely exchange sensitive data

Does anyone of you know tools or services that can help to securely exchange (personal or sensitive) data between two parties? After some requirements analysis, the tool or service should (among others) be able to respond to the following high-level…

gdpr

asked Jul 12 '18 at 09:35

user3687056

11
1

1

vote

0 answers

Do S3/Azure/GCS bucket names/keys represent personally identifiable information

We have an event-sourced system that uses a forward-only immutable event store. If we store personally identifiable information in this store, we'll be in trouble with regards to GDPR, as deletion of events is not an option. We have assessed the…

privacy gdpr pii

asked Jul 05 '18 at 14:02

spender

121
6

1

vote

0 answers

Do I need to remove all past customers email adresses from newsletter subscription, if I haven't asked them consent before May 25 (GDPR)?

I receive many emails those days: If you haven't given your consent before 2018 May 25 to stay subscribed to our newsletter, we will be forced to remove your email from subscription, in accordance to GDPR. 1) Is it true that if I haven't asked…

gdpr

asked May 23 '18 at 15:21

Basj

951
2
8
16

1

vote

1 answer

Microsoft Exchange: Email and attachment encrypting

As per recent updates in UK data protection legislation I have been trying to find ways of encrypting all outbound emails from my server and was considering moving all our emails from a basic email host over to a Windows Server with exchange. My…

encryption windows exchange gdpr

asked May 04 '18 at 06:59

Connor Simpson

121
2

1

vote

0 answers

GDPR compliance in Amazon AWS

Anybody has a nice checklist/todo list to achieve GDPR compliance in Amazon AWS environments? Want to use dev-sec.io checklists, OWASP for web app, AWS Trusted Advisor. Anything else to include/consider? How to tackle GDPR in AWS environments? Was…

aws gdpr

asked Apr 28 '18 at 15:58

dev

937
1
8
23

1

vote

2 answers

What will the effect of the GDPR be on password dumps?

The GDPR changes a lot of data protection law, but how will it affect dumped databases of passwords? At the moment these can be used to work out the most common passwords, and sites can use this knowledge to prevent people choosing overly common…

password-cracking gdpr

asked Feb 24 '18 at 17:20

jrtapsell

3,169
15
30

0

votes

1 answer

Questions on user context and auditing for background job execution for SaaS application

I have some questions related with user context and auditing for background job execution for SaaS application. Let's say an admin user scheduled a background job through UI. When the job start running, this job requires to run with a user context,…

audit permissions identity gdpr

asked Sep 15 '22 at 07:01

user1024888

5
2

0

votes

4 answers

How to protect email addresses in a customer database when you and other third parties must be able to send emails?

I am wondering what methods are used by big companies to protect customer email addresses in their databases. They usually have salespeople all over the world and multiple third-parties (Salesforce, transactional emails, etc.) also need to access…

encryption email databases gdpr pii

asked Jun 25 '21 at 08:42

C.Card21

1

0

votes

1 answer

Sending and blocking emails from hashed and salted address ? (for GDPR)

I would like to send emails from a server, but also make them unable to trace for me as server owner or attackers. I want this for GDPR but also to protect people from abusers. Short info about service: I am a provider of a service as a person, not…

hash email salt gdpr

asked Jan 29 '21 at 23:16

user250107

0

votes

0 answers

EU GDPR: Can someone store the data inside EU but process them in US

I'm a bit lost in here and need some direction. According to the EU GDPR, the PII data should never leave the EU. But, Can they be taken out and processed outside? such as in a server that is situated in the US and put the data back again in the…

databases gdpr eu-data-protection

asked Jan 28 '21 at 03:11

Saikat Chakrabortty

101

0

votes

1 answer

GDPR data flow mapping and inventory

Anybody can share some tips on how to create a nice GDPR data flow mapping and inventory? Any sample diagrams? What diagrams types are best to be used here? Would you show high level diagram and sub-diagrams for each component set? How would you…

compliance gdpr

asked Mar 03 '20 at 10:20

dev

937
1
8
23

Questions tagged [gdpr]