Questions tagged [gdpr]

For questions regarding the implementation of and impacts on design and operations in light of the EU General Data Protection Regulation.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

58 questions
0 votes, 1 answer

Is it a possible vulnerability / GDPR violation if basic profiles of users are enumerable through the URL?

If a website uses an auto-incrementing user-id in its URL – /users/1, /users/2 to showcase public user profiles (just the name + photo / avatar), is it considered a possible vulnerability?
0 votes, 0 answers

How to approach a site that doesn't manage passwords correctly?

I am registered to a site which doesn't manage passwords correctly. It is a user area for a company that provides services of some sort and which uses the area to show details of the contracts and for payments. Now, if I forget my password, there is…
bracco23
0 votes, 1 answer

Firefox Account - Export user data (GDPR)

Is there a way of exporting all user data associated with a Firefox Account? Yes? Where can I request/download it? No? Isn't right of access a legal requirement under the current GDPR legislation? Examples of what I'm asking: Google:…
Pedro Lobito
0 votes, 2 answers

Encrypted folder with different access rights for different users

With the GDPR (General Data Protection Regulation of EU) comes the necessity for many companies to store certain personal data (CVs, certificates, passport copies, etc.) centrally and encrypted. The data is available e.g. as Word or PDF files, in…
0 votes, 1 answer

Does mailto require opt-out when a user sends an initial request for information from a website?

Everything I have been reading on mailto: requirements has been that the company sending the email or using a website form submitting information. My situation is: on the company website, a lot of information on various topics is presented. The…
0 votes, 1 answer

GDPR data minimisation session cookies

I have a research study being run. Participants are asked to: fill out a consent form (contains personal information as per GDPR); complete a questionnaire. My hope was that the questionnaire responses could be anonymous, I would store the forms…
0 votes, 2 answers

Do websites outside of the EU need to consider GDPR?

There are a lot of items in the GDPR that I am a fan of. Mandatory unsubscribe links are the best thing to happen to my inbox since I started using email. But there is one thing in particular I've loathed the policy for: Cookie consent dialogues. As…
Shadow
0 votes, 2 answers

Does the advent of GDPR result in improved protections for customers based exclusively in non-EU countries?

Sorry if the title is a bit confusing. I'll try to rephrase: GDPR obviously improves transparency and protective services in global service providers/vendors that involve users in the EU. I can see how transparency about data management would…
Mike B
0 votes, 1 answer

Tokenization - Is it bad practice to reuse tokens?

If I am implementing a tokenization system for PII within a database, is it considered bad practice, or riskier, to reuse tokens? For example, if I am storing the name "Richard" multiple times, and they are all replaced with the token…
Marc
0 votes, 1 answer

GDPR data portability

I know one of the requirements of the GDPR is for data portability requests. On a website I have, it has users that includes their address, contact number etc but it also tracks what the user downloads and pages they visit, contact forms they…
Markus
0 votes, 0 answers

Tracking user's private link on Google Analytics: will it be a security issue for GDPR?

Our web portal tracks page access with Google Analytics. The access link will then be tracked and exposed in Google Analytics reports. As the portal includes personally identifiable information (PII), will it be compliant with GDPR or it will be a…
Glasnhost
0 votes, 1 answer

Under GDPR, is one user borrowing another's logged-in session for financial transactions illegal?

Our organization has historically been very lax with Data Protection and compliance, and we have a number of POS sales positions serving the public and taking payments; both Cash, Chip and Pin and Debit/Credit transactions through an e-portal. As…
-1 votes, 1 answer

What does pseudonymization mean in the context of web development?

In readiness for the new GDPR legislation that is coming in on May 25th, I am trying to understand what pseudonymization means in the context of web development. The info I've read infers that it is not the same as encryption. Could someone…
Marc