GDPR, or How I Stopped Worrying and Love My Users

I gave this talk at Isle of Ruby conference in Exeter, England on April 14th 2018.
My goal was to explain some fundamental ideas of GDPR but also show what developers face when trying to comply with this regulation.


  1. GDPR or: How I Stopped Worrying And Love My Users. Holger Frohloff
  2. Holger Frohloff ☞ Developer for over 10 years ☞ Freelancer & consultant helping companies with Rails and ReactJS ☞ Credit card data stolen (ca. €2,500 in 2009) ☞ Affected by breaches: MyFitnessPal (2018), BrowserStack (2014), Kickstarter (2014), Gawker (2010) and others ☞ Private photo sharing platform (2013)
  3. German Bundestag | Picture by Thomas Quine (CC-BY-2.0)
  4. Mossack Fonseca - Panama Papers | Picture by Falco Emert (CC-BY-2.0)
  5. Texas Lottery | Picture by Wil C. Fry (CC BY-NC-ND 2.0)
  6. Picture by shopcatalog.com (CC BY 2.0)
  7. Visualization: Information is Beautiful, http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  8. GDPR: General Data Protection Regulation
  9. The history
  10. The history ☞ Approved and adopted by the EU Parliament in April 2016. ☞ Will take effect and be in force from May 25th 2018. ☞ Builds on the OECD privacy guidelines from the 1980s and the Data Protection Directive from 1995
  11. Who does it apply to?
  12. Who does it apply to? ☞ Organizations located within the EU ☞ Organizations outside of the EU (if they offer goods or services to, or monitor the behavior of, EU data subjects) ☞ Processing & holding the personal data of data subjects residing in the European Union
  13. Violations and fines | Photo by Gerry Lauzon (CC-BY-2.0)
  14. Violations and fines ☞ up to 2% of annual global turnover for breaching GDPR or ☞ €10 million, whichever is higher ☞ This is the lower tier (Article 83(4)); infringements of the basic processing principles, of data subject rights or of the rules on international transfers fall under the higher tier of up to 4% of annual global turnover or €20 million, whichever is higher (Article 83(5))
  15. Personal data
  16. Personal data ☞ Any information related to a natural person or ‘Data Subject’ ☞ that can be used to directly or indirectly identify the person ☞ e.g. a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address
  17. Key points ☞ Consent ☞ Right to Access ☞ Data Portability ☞ Right to be Forgotten ☞ Privacy by design ☞ Privacy by default
  18. Consent (Article 7) ☞ legible ☞ clear & distinguishable ☞ giving and withdrawing made easy
  19. Consent (Article 7) ❝Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.❞
  20. Right of Access (Article 15) ☞ Confirmation whether or not personal data concerning them is being processed, where and for what purpose ☞ Receive a copy of their data free of charge (further copies may carry a reasonable fee); where the request is made electronically, in a commonly used electronic form ☞ At any time
  21. Data Portability (Article 20) ☞ Receive their data in a structured, commonly used and machine-readable format ☞ Data controller transmits their data directly to another controller, where technically feasible ☞ Without hindrance ☞ Free of charge
  22. Right to be forgotten (Article 17) ☞ Erasure of personal data ☞ Without undue delay ☞ Halt processing with third parties ☞ A little respect | Photo by Andwhatsnext on Wikipedia (CC-BY-SA-3.0)
  23. Privacy by design & Privacy by default (Article 25) ☞ Optimal data protection to be provided as standard ☞ Security of data and the proper steps to ensure privacy should be the default
  24. Privacy by Default Framework, and why the GDPR makes sense
  25. Data Protection Impact Assessments (DPIA) ☞ Required where processing is likely to result in a high risk to individuals (Article 35), which covers most data-intensive projects; they make sense for almost every (bigger) project ☞ Results accessible for all parties involved ☞ Describe processes related to data and privacy risks
  26. Data Collection and Retention ☞ What data is collected & processed? Retention, storage location (cloud?) ☞ How long? When deleted? ☞ Consent? Verifiable? Explicit? Legal basis? ☞ Controls about retention for users?
  27. Technical and Security Measures ☞ Do you use encryption, anonymization, pseudonymization? ☞ Backups? How? When? ☞ What TSM exist at the host (AWS etc.)?
  28. Personnel ☞ Who has access? ☞ Data protection training? ☞ Security measures people work with? ☞ Process for handling data breach notifications? ☞ Process for government requests?
  29. Data subject (access) rights ☞ How can they exercise their rights (erasure, portability, access, be forgotten)? ☞ How can they restrict their data? How object? ☞ How can they withdraw consent?
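A worked example, added here and not part of the talk, that ties the technical measures of slide 27 (encryption, pseudonymization, backups) to the access, portability and erasure rights of slides 20, 21, 22 and 29. It is in Ruby because the talk addresses Rails developers. Each data subject's personal data is encrypted under a per-subject key, a keyed HMAC gives a stable pseudonym for logs and analytics, and an erasure request is honoured by destroying the subject's key, which also renders the copies sitting in earlier backups unreadable (sometimes called crypto-shredding). The `PersonalDataVault` class, the pepper value, the subject ids and the sample attributes are all constructed for this example; in a real deployment the per-subject keys would live in a KMS or a separate store from the records.

```ruby
require 'openssl'
require 'securerandom'
require 'json'

# Added example, not code from the talk. Per-subject data keys let a controller
# satisfy an Article 17 erasure request even for copies that sit in backups:
# destroy the subject's key and every ciphertext encrypted under it is gone.
class PersonalDataVault
  Record = Struct.new(:pseudonym, :iv, :tag, :ciphertext)

  attr_reader :records

  # pepper: a system-wide secret kept outside the database (assumed value in
  # the example); it keys the pseudonym so the email cannot be recovered from
  # the token alone.
  def initialize(pepper:)
    @pepper  = pepper
    @keys    = {} # subject_id => 32-byte AES key (belongs in a KMS / key store)
    @records = {} # subject_id => Record (belongs in the main database / backups)
  end

  # Pseudonymisation: a stable token for analytics and logs that does not
  # reveal the email. Normalisation keeps "Alice@Example.com " and
  # "alice@example.com" mapped to the same token.
  def pseudonym(email)
    OpenSSL::HMAC.hexdigest('SHA256', @pepper, email.strip.downcase)
  end

  # Store personal data encrypted with AES-256-GCM under the subject's own
  # key. subject_id is bound as associated data so a ciphertext cannot be
  # silently moved from one subject's record to another's.
  def store(subject_id, attributes)
    key = (@keys[subject_id] ||= SecureRandom.random_bytes(32))
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.encrypt
    cipher.key = key
    iv = cipher.random_iv
    cipher.auth_data = subject_id
    ciphertext = cipher.update(JSON.generate(attributes)) + cipher.final
    @records[subject_id] = Record.new(pseudonym(attributes.fetch('email')),
                                      iv, cipher.auth_tag, ciphertext)
  end

  # Article 15 / Article 20: hand the subject their data as a plain hash that
  # serialises to JSON. Returns nil once the key has been destroyed, even
  # though the ciphertext is still present.
  def export(subject_id)
    key    = @keys[subject_id]
    record = @records[subject_id]
    return nil if key.nil? || record.nil?

    decipher = OpenSSL::Cipher.new('aes-256-gcm')
    decipher.decrypt
    decipher.key = key
    decipher.iv = record.iv
    decipher.auth_tag = record.tag
    decipher.auth_data = subject_id
    JSON.parse(decipher.update(record.ciphertext) + decipher.final)
  end

  # Article 17: erase by destroying the key. The ciphertext in the database
  # and in any backup taken earlier stays where it is but can no longer be
  # decrypted. Returns false if there was nothing to erase.
  def erase(subject_id)
    !@keys.delete(subject_id).nil?
  end
end
```

The point to notice is the asymmetry: `export` needs both the record and the key, `erase` touches only the key. That is what makes the approach workable with immutable backups, and it is also why the key store needs stricter access control and its own retention policy than the records it protects.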
  30. Legal ☞ Contracts for all data processors, including subcontractors? ☞ Is data transferred outside of the EU? ☞ If yes, what safeguards and protective measures exist?
  31. Risks ☞ Do risks for the data subject exist (in case of misuse, breach, mis-access, loss)? ☞ Risks in case of modification? ☞ Main sources of risk? ☞ Steps for mitigation? Which are possible? Which are taken?
  32. Development Workflow
  33. Document it all ☞ Libraries ☞ Tools ☞ Frameworks ☞ Workflows ☞ Document how you write, test, review, document & deploy it
  34. External libraries ☞ Are they safe? (Look for DPIAs / documentation about GDPR compliance) ☞ Handling of security vulnerabilities ☞ Data collection & retention? ☞ => Opportunity for OSS authors to increase adoption by EU devs
  35. Code Reviews ☞ Code quality doesn’t cut it anymore ☞ Look for handling of data, adherence to PbD, possibilities of encryption/sandboxing etc.
  36. What good comes from this?
  37. We decide!
  38. Thank you ☞ https://idiomaticrails.com/gdpr: My newsletter about privacy and technology (With double opt-in & 100% less tracking 😉) ☞ Twitter: 5minpause (rarely used) ☞ https://gdpr-info.eu/ A comprehensive website about the regulation
  39. Sources #1 ☞ Bundestag - Thomas Quine - https://flic.kr/p/d9bCDd ☞ Panama City - Falco Emert - https://flic.kr/p/FgbicY ☞ Estimated Cash Value: $496,000,000 - Wil C. Fry - https://flic.kr/p/C1wPYR ☞ Bend man - Marten Newhall on Unsplash - https://unsplash.com/photos/uAFjFsMS3YY ☞ TVintage - Ajeet Mestry on Unsplash - https://unsplash.com/photos/UBhpOIHnazM
  40. Sources #2 ☞ Parking Ticket Note - Gerry Lauzon - https://flic.kr/p/Aw1WP ☞ Info - Arvin Febry - https://unsplash.com/photos/V4mNfkDmiX4 ☞ Thick Rope Knot - Robert Zunikoff - https://unsplash.com/photos/-yz22gsqAH0 ☞ Step up - Mikito Tateisi - https://unsplash.com/photos/bJhT_8nbUA0 ☞ Shopping in Amsterdam - Guus Baggermans - https://unsplash.com/photos/fbDPzqOXwuY
  41. Sources #3 ☞ Erasure, 1986 - Andwhatsnext - https://de.wikipedia.org/wiki/Erasure#/media/File:Erasure-andy-vince-wolfgangs-np.jpg ☞ Black Sign White Text - Kai Brame - https://unsplash.com/photos/QnYDCO6dFPk ☞ Cat beneath blanket - Mikhail Vasilyev - https://unsplash.com/photos/NodtnCsLdTE ☞ Paper Mountain - Christa Dodoo - https://unsplash.com/photos/MldQeWmF2_g
  42. Sources #4 ☞ Isolated - Jayka Herrera - https://unsplash.com/photos/gM3NL_uqDFE ☞ Guy Fawkes mask - Samuel Zeller - https://unsplash.com/photos/VPnmmVSJy1M ☞ Yellow Airport sign - Paul Green - https://unsplash.com/photos/gWFXgcH-LeU ☞ Elegant man loosening tie - Ben Rosett - https://unsplash.com/photos/WdJkXFQ4VHY ☞ House on the edge - Cindy Tang - https://unsplash.com/photos/
  43. Sources #5 ☞ Shelf full binders - Samuel Zeller - https://unsplash.com/photos/vpR0oc4X8Mk/info ☞ Open for business - Clem Onojeghuo - https://unsplash.com/photos/lYjEYq5iUGU ☞ Rechercher - Olloweb Solutions - https://unsplash.com/photos/d9ILr-dbEdg
