
The effects of the GDPR

Talk Michaël Demey at Devoxx 2017 - The effects of the GDPR.


  1. The effects of the GDPR: A closer look at what it is and what developers can do
     © 2017, iText Group NV, iText Software Corp., iText Software BVBA
  2. Introduction
     • Michaël Demey
     • Developer @ iText Software
     • @MyMilkedEek
  3. Disclaimer
     • I’m not a lawyer or attorney
  4. What is GDPR
     • General Data Protection Regulation
  5. Regulation, not a directive
     • Directives need national implementation
     • Regulation doesn’t
       • Side-note: there are areas that do need national implementation
  6. Natural person
     • Natural Person = EU citizen
     • Also known as a “Data subject”
  7. Personal data
     • Personal data is data or information that can be traced back to a data subject
  8. Obvious stuff
     • Name
     • Address
     • National ID number
     • …
  9. Critical stuff
     • Medical records
     • DNA
  10. Less obvious stuff
     • IP address
     • E-mail address
     • RFID
     • HR information
     • …
  11. Other actors
     • Data controllers
       • Companies/organisations collecting the data
     • Data processors
       • Companies/organisations processing that data
  12. Who does the GDPR affect
     • Any company targeting EU citizens (data subjects)
     • Regardless of where the company is located
       • US, Asia, …
     • Focus is on the EU citizen
  13. Directive of 1995
     • Already pretty progressive, but outdated
     • GDPR is replacement with new technology and actors in mind
  14. GDPR timeframe
     • 2016!
     • But only enforced starting May 2018
  15. Fines
     • Hot topic with lots of scaremongering and confusion
     • “Up to X million euro or x % of global revenue!”
     • Technically true but EU will not hand these out willy-nilly
     • “Be the carrot, not the stick”
  16. Collection of data
  17. Rules for collection
     • Intent must be stated
     • There needs to be a clear goal and purpose to the collection of data
     • Duration of storage
  18. Consent
     • Has to be explicitly given by the user
     • Not sufficient are
       • Silence or inactivity
       • Pre-ticked checkboxes
     • Without consent, you’re not allowed to collect data
     • Can be withdrawn at any point
  19. No consent
     • Access to or use of website/application content must not be restricted if data subject doesn’t consent, if the data isn’t necessary to operate
  22. Rights of the data subject
  23. Access
     • All data subjects should be able to access the data a company has on them
     • In a readable, usable format
  24. Update
     • All data subjects should be able to update their personal data
  25. Deletion
     • Data subjects should be able to request a deletion of their data
     • Very specific exceptions when it comes to complying to this request
     • Biggest issue when reading blogs and articles
  26. The “right to be forgotten”
  27. Action plan!
     • “Design by privacy”
  28. First things first
     • Talk to your management
     • Make sure they’re aware of this
     • There might already be a plan
  29. Collect information
     • List of all data captured
     • What do you capture
     • Why is it captured
       • Is it necessary?
     • Where is it stored
     • How long is it stored
     • How is it stored
       • Has it been secured?
  30. Tools
     • Check your used tools
       • CRM
       • Bug trackers
       • Marketing tools
     • These are usually externally developed and/or hosted
     • Make sure these are compliant
  31. Breach Policy
     • There needs to be a breach policy in place
     • What to do, who to contact, etc. when a breach has been detected
  32. Measurements
     • Pseudonymize personal data
     • Encryption!
     • Take as many precautions as possible when storing data
     • Already implement (or prepare) ways for data subjects to use their rights
  33. Summary
  34. Summary
     • EU citizen focus
     • Change in mentality -> design by privacy
     • Use common sense
     • Intent and actions are the key factor
  35. Thank you!
     • Questions?