GDPR & EU cookies law

Flash talk about GDPR and EU cookies law

Published in: Technology

  1. GDPR & EU cookies law: General Data Protection Regulation, EU Cookies Law
  2. EU cookie law
  3. EU cookie law: May 2011; websites owned by companies based in the EU
     - Clear notice explaining cookies and opt-out mechanism
     - Strictly necessary cookies (session)
     - Performance cookies (tracking) (opt-out)
     - Targeting cookies (ads) (opt-out)
     - Fine can be a maximum of £500,000
  4. GDPR
  5. GDPR: effective since May 25, 2018; applied to people in the EU; Personally Identifiable Information (PII)
     - Right to be forgotten
     - Right of access
     - Data controller
     - Data processor
  6. GDPR: 25 May
  7. Applied to people IN the EU: IP address, PII? Citizen outside the EU? Mobility
  8. Data controller & data processor
     - Data controller: frontend. Complies with user-facing/interaction information and decision making
     - Data processor: Google Analytics. Communicates with the data controller to achieve GDPR compliance
  9. Personally Identifiable Information (PII): tag PII data. Name, SSN, DNI, tel, geolocation, online ID, etc.
  10. Right of access: access to PII; purposes of processing
  11. Right to be forgotten: controllers of any links to, or copy or replication of, those personal data.
  12. Pseudonymization: the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.
  13. Sanctions: audit; ban processing; suspend service; fines up to €20 million or up to 4% of the annual worldwide turnover
  14. Celerative: does not apply much. Get prepared; a different way of thinking about data
     - "Tag" PII
     - Check that PII does not travel in the query string or the URL path
     - Pseudonymization methods, or separating identifiable data from non-identifiable data
     - Frontend: have a cookie policy section and a separate privacy policy section
     - Frontend: review how cookies are loaded (opt-in/opt-out)
     - Google Analytics: sending PII to GA is against the rules. See https://www.google.com/analytics/terms/us.html (search for "personally identifiable information") and http://www.blastam.com/blog/5-actionable-steps-gdpr-compliance-google-analytics
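
One way to run the last slide's check (no PII in the query string or URL path) on the frontend before a page URL is handed to an analytics tag. This is an added example, not code from the talk; `scrubUrl`, the parameter-name list, the email pattern and the sample URL are assumptions made for illustration.

```javascript
// Added example: strip likely PII from a page URL before it is reported to analytics.
// ASSUMPTIONS: the parameter names and the email pattern below are illustrative,
// not a complete PII inventory; extend them from your own tagged PII fields.
const PII_PARAM_NAMES = new Set(['name', 'email', 'ssn', 'dni', 'tel', 'phone', 'lat', 'lon']);
const EMAIL_RE = /^[^\s@\/]+@[^\s@\/]+\.[^\s@\/]+$/;
const PLACEHOLDER = 'REDACTED';

// Percent-decoding can throw on malformed input; fall back to the raw text.
function safeDecode(text) {
  try { return decodeURIComponent(text); } catch { return text; }
}

// Returns the cleaned URL plus a list of findings (where the PII was, never its value).
function scrubUrl(rawUrl) {
  const url = new URL(rawUrl);
  const findings = [];

  // URL path: an identifier such as an email used as a path segment.
  url.pathname = url.pathname.split('/').map((segment, index) => {
    if (!EMAIL_RE.test(safeDecode(segment))) return segment;
    findings.push({ where: 'path', at: index, reason: 'email-shaped value' });
    return PLACEHOLDER;
  }).join('/');

  // Query string: flag by parameter name first, then by value shape.
  // Note: set() collapses repeated keys into one redacted entry.
  for (const [key, value] of [...url.searchParams.entries()]) {
    let reason = null;
    if (PII_PARAM_NAMES.has(key.toLowerCase())) reason = 'PII parameter name';
    else if (EMAIL_RE.test(value)) reason = 'email-shaped value';
    if (reason) {
      findings.push({ where: 'query', at: key, reason });
      url.searchParams.set(key, PLACEHOLDER);
    }
  }
  return { cleanUrl: url.toString(), findings };
}

// Constructed sample URL (not from the talk).
const sample = 'https://shop.example/users/ana%40example.org/orders' +
  '?email=ana@example.org&utm_source=news&tel=%2B34600111222';
console.log(scrubUrl(sample));
```

The findings list doubles as an audit trail of which routes and parameters still leak PII, so the URLs themselves can be fixed at the source.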
