-1

Hello!

I know how GDPR requires me to hide all personal data and make it impossible to get a match on any living person with any combination of the tables records. But do any of you have experience with setting up the server itself to be GDPR ready? I mean, I've limited the users to two (root and appadmin) and allowed both only from localhost, but is there anything more I need to or should do? As for backup, I'll replicate the DB with SSL, but is there anything more I can do?

Thanks for the advice!

Bert
  • You should speak to a lawyer. Your interpretation of what the GDPR requires doesn't match what I've read, and this is an area where fairly significant penalties can apply. – ceejayoz Feb 04 '19 at 15:32
  • That is in progress already, but I'm asking because I wish to hear others who have experience as well. GDPR is brutally strict and now I'm happy and sad because of it at the same time. Happy because this was needed a long-long time ago and sad because now I have 4X more job with it, lol. – Bert Feb 04 '19 at 15:34
  • I'm voting to close this question as off-topic because GDPR is mainly a legal topic – Sven Feb 04 '19 at 17:56
  • I wish you wouldn't because what I'm asking is the practical settings I have to apply for GDPR – Bert Feb 05 '19 at 08:06
  • @Bert There's no single answer to that, and your idea of what GDPR requires is quite flawed. It doesn't require, for example, you to "make it impossible to get a match on any living person with any combination of the tables records". See Nuno's answer. – ceejayoz Feb 05 '19 at 14:57

1 Answer

4

GDPR doesn't work like that.

You can have the data well structured like you would have without GDPR.

What GDPR requires is that you have a proper and honest Privacy Policy and respect when the user wants to delete their contents from your servers.

There's more than this, such as ensuring you protect the data and getting user consents, but I recommend you do some reading about GDPR.

Nuno