SlideShare a Scribd company logo
1 of 17
GDPR
An overview and its
relevance for QA
Per Thorsheim
Twitter: @thorsheim
+47 90 99 92 59 (Signal|Wire|Whatsapp)
General Data Protection Regulation (GDPR)
• Becomes law in all of EU on May 25, 2018
• Replaces lots of individual laws in every EU country
• Individual countries may add specific additions or exceptions
• GDPR IS APPLICABLE TO ANY BUSINESS WORLDWIDE WORKING
WITH PERSONAL DATA FOR ANY EU CITIZEN IN ANY EU COUNTRY
Data subject’s rights
• the need for the individual's clear consent to the processing of
personal data
• easier access by the subject to his or her personal data
• the rights to rectification, to erasure and 'to be forgotten'
• the right to object, including to the use of personal data for the
purposes of 'profiling'
• the right to data portability from one service provider to another
20M €
Or:
4% of global
annual turnover
GDPR maximum penalty:
Privacy By Design
• Your right to privacy
• Built-in privacy
• Privacy by default
• Transparency
• Executive management support
Training
• The need for privacy
• Internal & external requirements
• Organisation & responsibilities
• Governance, regulatory requirements, standards, procedures
• Methodology for development etc
• Tools, standards, best practices
• OWASP
• Microsoft SDL
Requirements
• Privacy & Security
• User & ownership of information
• Processer of information, recipients of information
• Collection & processing of information must be necessary
• Collection, storing, processing, display, communicating & deletion.
• Encryption & access control
• Risk analysis
• Consequences for privacy
Design
• Data oriented design:
• Limit amount of information collected
• Hide connections between data (pseudo-anonymization, encryption)
• Data separation
• Aggregate data – remove details about data subjects
• Privacy by default
• Process oriented design
• Information to the user
• User has access to control personal information
• Enforcement of privacy; responsibilities and processes
• Vulnerability minimization & threat modeling
Coding
• Generally accepted tools & frameworks
• Control of API’s, third-party libraries etc
• Static code analysis (secure coding principles)
• Source code review
Testing
• Checklist from design phase should be verified
• Security testing (vulnerability scans)
• Dynamic testing (user access, security errors)
• Fuzzing
• Penetration testing / vulnerability analysis
• Threat model analysis / attack surface review
Release to production
• Incident handling procedures
• Internal
• External
• Governance reporting
• Customer reporting
• Doc review of previous steps for consistency & completeness
• Head of security/privacy final approval before push to production
Maintenance
• Incident management & error handling
• Operations, maintenance & development of software
I am not going to waste any more of your time,
but the potential of additional user damages due
to «Impact Team» being provoked by the slow
legal process etc may keep the story in the
media. Tell the audience and others and warn
them about the psychological hell a little bit of
rashness online can lead to. I am almost a
completely broken man, and I don’t know if I will
ever be able to stand up again. And I had a life
full of great qualities. Not as whining, but as a
«matter of fact» and a strong warning.
per@thorsheim.net
+47 90 99 92 59
(Signal|Wire|Whatsapp)
@thorsheim

More Related Content

What's hot

Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu
 
GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017isc2-hellenic
 
Privacy Impact Assessment Management System (PIAMS)
Privacy Impact Assessment Management System (PIAMS) Privacy Impact Assessment Management System (PIAMS)
Privacy Impact Assessment Management System (PIAMS) The Canton Group
 
Data protection within development
Data protection within developmentData protection within development
Data protection within developmentowaspsuffolk
 
What is the General Data Protection Regulation (GDPR)?
What is the General Data Protection Regulation (GDPR)?What is the General Data Protection Regulation (GDPR)?
What is the General Data Protection Regulation (GDPR)?TAG Alliances
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR OverviewGydeline Ltd
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
 
#HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance #HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance Dovetail Software
 
Payslip gdpr deck nov 2017
Payslip gdpr deck nov 2017Payslip gdpr deck nov 2017
Payslip gdpr deck nov 2017Aoife Flynn
 
Data security and cyber risks - In house lawyers forum 2013, Richard Nicholas
Data security and cyber risks - In house lawyers forum 2013, Richard NicholasData security and cyber risks - In house lawyers forum 2013, Richard Nicholas
Data security and cyber risks - In house lawyers forum 2013, Richard NicholasBrowne Jacobson LLP
 
GDPR – Data Portability
GDPR – Data PortabilityGDPR – Data Portability
GDPR – Data PortabilityBusola Awani
 
GDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services ELGDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services ELEugene Lee
 
Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...CILIPScotland
 
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationSecurity 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationPrecisely
 

What's hot (20)

Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
 
GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017
 
Privacy Impact Assessment Management System (PIAMS)
Privacy Impact Assessment Management System (PIAMS) Privacy Impact Assessment Management System (PIAMS)
Privacy Impact Assessment Management System (PIAMS)
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
Data protection within development
Data protection within developmentData protection within development
Data protection within development
 
What is the General Data Protection Regulation (GDPR)?
What is the General Data Protection Regulation (GDPR)?What is the General Data Protection Regulation (GDPR)?
What is the General Data Protection Regulation (GDPR)?
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR Overview
 
Privacy 101
Privacy 101Privacy 101
Privacy 101
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]
 
#HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance #HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance
 
Payslip gdpr deck nov 2017
Payslip gdpr deck nov 2017Payslip gdpr deck nov 2017
Payslip gdpr deck nov 2017
 
Data security and cyber risks - In house lawyers forum 2013, Richard Nicholas
Data security and cyber risks - In house lawyers forum 2013, Richard NicholasData security and cyber risks - In house lawyers forum 2013, Richard Nicholas
Data security and cyber risks - In house lawyers forum 2013, Richard Nicholas
 
Tech Matrix 20080523
Tech Matrix 20080523Tech Matrix 20080523
Tech Matrix 20080523
 
Data protection
Data protectionData protection
Data protection
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 
GDPR – Data Portability
GDPR – Data PortabilityGDPR – Data Portability
GDPR – Data Portability
 
GDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services ELGDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services EL
 
Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...
 
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationSecurity 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
 

Similar to QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital MarketersOne North
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers Gary Dodson
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy IntroductionNiclasGranqvist
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityEQS Group
 
Gdpr demystified - making sense of the regulation
Gdpr demystified  - making sense of the regulationGdpr demystified  - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion
 
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be SecuredCountdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be SecuredPrecisely
 
CyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRCyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRShadi A. Razak
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...Hernan Huwyler, MBA CPA
 
De groote de man Ingrid de Poorter
De groote de man Ingrid de PoorterDe groote de man Ingrid de Poorter
De groote de man Ingrid de PoorterBigDataExpo
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practiceZoneFox
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?Jatin Kochhar
 
CyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPRCyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPRIryna Chekanava
 
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"Ragnar Heil
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security TwistSecurity Innovation
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceIT Governance Ltd
 
General Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian FirmsGeneral Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian Firmsaccenture
 

Similar to QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA (20)

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy Introduction
 
GDPR- The Buck Stops Here
GDPR-  The Buck Stops HereGDPR-  The Buck Stops Here
GDPR- The Buck Stops Here
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
 
Gdpr demystified - making sense of the regulation
Gdpr demystified  - making sense of the regulationGdpr demystified  - making sense of the regulation
Gdpr demystified - making sense of the regulation
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be SecuredCountdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured
 
CyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRCyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPR
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...
 
De groote de man Ingrid de Poorter
De groote de man Ingrid de PoorterDe groote de man Ingrid de Poorter
De groote de man Ingrid de Poorter
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
 
CyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPRCyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPR
 
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security Twist
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 
General Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian FirmsGeneral Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian Firms
 
All about a DPIA by Andrey Prozorov 2.0, 220518.pdf
All about a DPIA by Andrey Prozorov 2.0, 220518.pdfAll about a DPIA by Andrey Prozorov 2.0, 220518.pdf
All about a DPIA by Andrey Prozorov 2.0, 220518.pdf
 

More from QAFest

QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилинQA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилинQAFest
 
QA Fest 2019. Анна Чернышова. Self-healing test automation 2.0. The Future
QA Fest 2019. Анна Чернышова. Self-healing test automation 2.0. The FutureQA Fest 2019. Анна Чернышова. Self-healing test automation 2.0. The Future
QA Fest 2019. Анна Чернышова. Self-healing test automation 2.0. The FutureQAFest
 
QA Fest 2019. Doug Sillars. It's just too Slow: Testing Mobile application pe...
QA Fest 2019. Doug Sillars. It's just too Slow: Testing Mobile application pe...QA Fest 2019. Doug Sillars. It's just too Slow: Testing Mobile application pe...
QA Fest 2019. Doug Sillars. It's just too Slow: Testing Mobile application pe...QAFest
 
QA Fest 2019. Катерина Спринсян. Параллельное покрытие автотестами и другие и...
QA Fest 2019. Катерина Спринсян. Параллельное покрытие автотестами и другие и...QA Fest 2019. Катерина Спринсян. Параллельное покрытие автотестами и другие и...
QA Fest 2019. Катерина Спринсян. Параллельное покрытие автотестами и другие и...QAFest
 
QA Fest 2019. Никита Галкин. Как зарабатывать больше
QA Fest 2019. Никита Галкин. Как зарабатывать большеQA Fest 2019. Никита Галкин. Как зарабатывать больше
QA Fest 2019. Никита Галкин. Как зарабатывать большеQAFest
 
QA Fest 2019. Сергей Пирогов. Why everything is spoiled
QA Fest 2019. Сергей Пирогов. Why everything is spoiledQA Fest 2019. Сергей Пирогов. Why everything is spoiled
QA Fest 2019. Сергей Пирогов. Why everything is spoiledQAFest
 
QA Fest 2019. Сергей Новик. Между мотивацией и выгоранием
QA Fest 2019. Сергей Новик. Между мотивацией и выгораниемQA Fest 2019. Сергей Новик. Между мотивацией и выгоранием
QA Fest 2019. Сергей Новик. Между мотивацией и выгораниемQAFest
 
QA Fest 2019. Владимир Никонов. Код Шредингера или зачем и как мы тестируем н...
QA Fest 2019. Владимир Никонов. Код Шредингера или зачем и как мы тестируем н...QA Fest 2019. Владимир Никонов. Код Шредингера или зачем и как мы тестируем н...
QA Fest 2019. Владимир Никонов. Код Шредингера или зачем и как мы тестируем н...QAFest
 
QA Fest 2019. Владимир Трандафилов. GUI automation of WEB application with SV...
QA Fest 2019. Владимир Трандафилов. GUI automation of WEB application with SV...QA Fest 2019. Владимир Трандафилов. GUI automation of WEB application with SV...
QA Fest 2019. Владимир Трандафилов. GUI automation of WEB application with SV...QAFest
 
QA Fest 2019. Иван Крутов. Bulletproof Selenium Cluster
QA Fest 2019. Иван Крутов. Bulletproof Selenium ClusterQA Fest 2019. Иван Крутов. Bulletproof Selenium Cluster
QA Fest 2019. Иван Крутов. Bulletproof Selenium ClusterQAFest
 
QA Fest 2019. Николай Мижигурский. Миссия /*не*/выполнима: гуманитарий собесе...
QA Fest 2019. Николай Мижигурский. Миссия /*не*/выполнима: гуманитарий собесе...QA Fest 2019. Николай Мижигурский. Миссия /*не*/выполнима: гуманитарий собесе...
QA Fest 2019. Николай Мижигурский. Миссия /*не*/выполнима: гуманитарий собесе...QAFest
 
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...QAFest
 
QA Fest 2019. Дмитрий Прокопук. Mocks and network tricks in UI automation
QA Fest 2019. Дмитрий Прокопук. Mocks and network tricks in UI automationQA Fest 2019. Дмитрий Прокопук. Mocks and network tricks in UI automation
QA Fest 2019. Дмитрий Прокопук. Mocks and network tricks in UI automationQAFest
 
QA Fest 2019. Екатерина Дядечко. Тестирование медицинского софта — вызовы и в...
QA Fest 2019. Екатерина Дядечко. Тестирование медицинского софта — вызовы и в...QA Fest 2019. Екатерина Дядечко. Тестирование медицинского софта — вызовы и в...
QA Fest 2019. Екатерина Дядечко. Тестирование медицинского софта — вызовы и в...QAFest
 
QA Fest 2019. Катерина Черникова. Tune your P’s: the pop-art of keeping testa...
QA Fest 2019. Катерина Черникова. Tune your P’s: the pop-art of keeping testa...QA Fest 2019. Катерина Черникова. Tune your P’s: the pop-art of keeping testa...
QA Fest 2019. Катерина Черникова. Tune your P’s: the pop-art of keeping testa...QAFest
 
QA Fest 2019. Алиса Бойко. Какнезапутаться в коммуникативных сетях IT
QA Fest 2019. Алиса Бойко. Какнезапутаться в коммуникативных сетях ITQA Fest 2019. Алиса Бойко. Какнезапутаться в коммуникативных сетях IT
QA Fest 2019. Алиса Бойко. Какнезапутаться в коммуникативных сетях ITQAFest
 
QA Fest 2019. Святослав Логин. Как найти уязвимости в мобильном приложении
QA Fest 2019. Святослав Логин. Как найти уязвимости в мобильном приложенииQA Fest 2019. Святослав Логин. Как найти уязвимости в мобильном приложении
QA Fest 2019. Святослав Логин. Как найти уязвимости в мобильном приложенииQAFest
 
QA Fest 2019. Катерина Шепелєва та Інна Оснач. Що українцям потрібно знати пр...
QA Fest 2019. Катерина Шепелєва та Інна Оснач. Що українцям потрібно знати пр...QA Fest 2019. Катерина Шепелєва та Інна Оснач. Що українцям потрібно знати пр...
QA Fest 2019. Катерина Шепелєва та Інна Оснач. Що українцям потрібно знати пр...QAFest
 
QA Fest 2019. Антон Серпутько. Нагрузочное тестирование распределенных асинхр...
QA Fest 2019. Антон Серпутько. Нагрузочное тестирование распределенных асинхр...QA Fest 2019. Антон Серпутько. Нагрузочное тестирование распределенных асинхр...
QA Fest 2019. Антон Серпутько. Нагрузочное тестирование распределенных асинхр...QAFest
 
QA Fest 2019. Петр Тарасенко. QA Hackathon - The Cookbook 22
QA Fest 2019. Петр Тарасенко. QA Hackathon - The Cookbook 22QA Fest 2019. Петр Тарасенко. QA Hackathon - The Cookbook 22
QA Fest 2019. Петр Тарасенко. QA Hackathon - The Cookbook 22QAFest
 

More from QAFest (20)

QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилинQA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
 
QA Fest 2019. Анна Чернышова. Self-healing test automation 2.0. The Future
QA Fest 2019. Анна Чернышова. Self-healing test automation 2.0. The FutureQA Fest 2019. Анна Чернышова. Self-healing test automation 2.0. The Future
QA Fest 2019. Анна Чернышова. Self-healing test automation 2.0. The Future
 
QA Fest 2019. Doug Sillars. It's just too Slow: Testing Mobile application pe...
QA Fest 2019. Doug Sillars. It's just too Slow: Testing Mobile application pe...QA Fest 2019. Doug Sillars. It's just too Slow: Testing Mobile application pe...
QA Fest 2019. Doug Sillars. It's just too Slow: Testing Mobile application pe...
 
QA Fest 2019. Катерина Спринсян. Параллельное покрытие автотестами и другие и...
QA Fest 2019. Катерина Спринсян. Параллельное покрытие автотестами и другие и...QA Fest 2019. Катерина Спринсян. Параллельное покрытие автотестами и другие и...
QA Fest 2019. Катерина Спринсян. Параллельное покрытие автотестами и другие и...
 
QA Fest 2019. Никита Галкин. Как зарабатывать больше
QA Fest 2019. Никита Галкин. Как зарабатывать большеQA Fest 2019. Никита Галкин. Как зарабатывать больше
QA Fest 2019. Никита Галкин. Как зарабатывать больше
 
QA Fest 2019. Сергей Пирогов. Why everything is spoiled
QA Fest 2019. Сергей Пирогов. Why everything is spoiledQA Fest 2019. Сергей Пирогов. Why everything is spoiled
QA Fest 2019. Сергей Пирогов. Why everything is spoiled
 
QA Fest 2019. Сергей Новик. Между мотивацией и выгоранием
QA Fest 2019. Сергей Новик. Между мотивацией и выгораниемQA Fest 2019. Сергей Новик. Между мотивацией и выгоранием
QA Fest 2019. Сергей Новик. Между мотивацией и выгоранием
 
QA Fest 2019. Владимир Никонов. Код Шредингера или зачем и как мы тестируем н...
QA Fest 2019. Владимир Никонов. Код Шредингера или зачем и как мы тестируем н...QA Fest 2019. Владимир Никонов. Код Шредингера или зачем и как мы тестируем н...
QA Fest 2019. Владимир Никонов. Код Шредингера или зачем и как мы тестируем н...
 
QA Fest 2019. Владимир Трандафилов. GUI automation of WEB application with SV...
QA Fest 2019. Владимир Трандафилов. GUI automation of WEB application with SV...QA Fest 2019. Владимир Трандафилов. GUI automation of WEB application with SV...
QA Fest 2019. Владимир Трандафилов. GUI automation of WEB application with SV...
 
QA Fest 2019. Иван Крутов. Bulletproof Selenium Cluster
QA Fest 2019. Иван Крутов. Bulletproof Selenium ClusterQA Fest 2019. Иван Крутов. Bulletproof Selenium Cluster
QA Fest 2019. Иван Крутов. Bulletproof Selenium Cluster
 
QA Fest 2019. Николай Мижигурский. Миссия /*не*/выполнима: гуманитарий собесе...
QA Fest 2019. Николай Мижигурский. Миссия /*не*/выполнима: гуманитарий собесе...QA Fest 2019. Николай Мижигурский. Миссия /*не*/выполнима: гуманитарий собесе...
QA Fest 2019. Николай Мижигурский. Миссия /*не*/выполнима: гуманитарий собесе...
 
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
 
QA Fest 2019. Дмитрий Прокопук. Mocks and network tricks in UI automation
QA Fest 2019. Дмитрий Прокопук. Mocks and network tricks in UI automationQA Fest 2019. Дмитрий Прокопук. Mocks and network tricks in UI automation
QA Fest 2019. Дмитрий Прокопук. Mocks and network tricks in UI automation
 
QA Fest 2019. Екатерина Дядечко. Тестирование медицинского софта — вызовы и в...
QA Fest 2019. Екатерина Дядечко. Тестирование медицинского софта — вызовы и в...QA Fest 2019. Екатерина Дядечко. Тестирование медицинского софта — вызовы и в...
QA Fest 2019. Екатерина Дядечко. Тестирование медицинского софта — вызовы и в...
 
QA Fest 2019. Катерина Черникова. Tune your P’s: the pop-art of keeping testa...
QA Fest 2019. Катерина Черникова. Tune your P’s: the pop-art of keeping testa...QA Fest 2019. Катерина Черникова. Tune your P’s: the pop-art of keeping testa...
QA Fest 2019. Катерина Черникова. Tune your P’s: the pop-art of keeping testa...
 
QA Fest 2019. Алиса Бойко. Какнезапутаться в коммуникативных сетях IT
QA Fest 2019. Алиса Бойко. Какнезапутаться в коммуникативных сетях ITQA Fest 2019. Алиса Бойко. Какнезапутаться в коммуникативных сетях IT
QA Fest 2019. Алиса Бойко. Какнезапутаться в коммуникативных сетях IT
 
QA Fest 2019. Святослав Логин. Как найти уязвимости в мобильном приложении
QA Fest 2019. Святослав Логин. Как найти уязвимости в мобильном приложенииQA Fest 2019. Святослав Логин. Как найти уязвимости в мобильном приложении
QA Fest 2019. Святослав Логин. Как найти уязвимости в мобильном приложении
 
QA Fest 2019. Катерина Шепелєва та Інна Оснач. Що українцям потрібно знати пр...
QA Fest 2019. Катерина Шепелєва та Інна Оснач. Що українцям потрібно знати пр...QA Fest 2019. Катерина Шепелєва та Інна Оснач. Що українцям потрібно знати пр...
QA Fest 2019. Катерина Шепелєва та Інна Оснач. Що українцям потрібно знати пр...
 
QA Fest 2019. Антон Серпутько. Нагрузочное тестирование распределенных асинхр...
QA Fest 2019. Антон Серпутько. Нагрузочное тестирование распределенных асинхр...QA Fest 2019. Антон Серпутько. Нагрузочное тестирование распределенных асинхр...
QA Fest 2019. Антон Серпутько. Нагрузочное тестирование распределенных асинхр...
 
QA Fest 2019. Петр Тарасенко. QA Hackathon - The Cookbook 22
QA Fest 2019. Петр Тарасенко. QA Hackathon - The Cookbook 22QA Fest 2019. Петр Тарасенко. QA Hackathon - The Cookbook 22
QA Fest 2019. Петр Тарасенко. QA Hackathon - The Cookbook 22
 

Recently uploaded

Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxleah joy valeriano
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 

Recently uploaded (20)

Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 

QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA

  • 1. GDPR An overview and its relevance for QA Per Thorsheim Twitter: @thorsheim +47 90 99 92 59 (Signal|Wire|Whatsapp)
  • 2.
  • 3.
  • 4. General Data Protection Regulation (GDPR) • Becomes law in all of EU on May 25, 2018 • Replaces lots of individual laws in every EU country • Individual countries may add specific additions or exceptions • GDPR IS APPLICABLE TO ANY BUSINESS WORLDWIDE WORKING WITH PERSONAL DATA FOR ANY EU CITIZEN IN ANY EU COUNTRY
  • 5. Data subject’s rights • the need for the individual's clear consent to the processing of personal data • easier access by the subject to his or her personal data • the rights to rectification, to erasure and 'to be forgotten' • the right to object, including to the use of personal data for the purposes of 'profiling' • the right to data portability from one service provider to another
  • 6. 20M € Or: 4% of global annual turnover GDPR maximum penalty:
  • 7. Privacy By Design • Your right to privacy • Built-in privacy • Privacy by default • Transparency • Executive management support
  • 8. Training • The need for privacy • Internal & external requirements • Organisation & responsibilities • Governance, regulatory requirements, standards, procedures • Methodology for development etc • Tools, standards, best practices • OWASP • Microsoft SDL
  • 9. Requirements • Privacy & Security • User & ownership of information • Processer of information, recipients of information • Collection & processing of information must be necessary • Collection, storing, processing, display, communicating & deletion. • Encryption & access control • Risk analysis • Consequences for privacy
  • 10. Design • Data oriented design: • Limit amount of information collected • Hide connections between data (pseudo-anonymization, encryption) • Data separation • Aggregate data – remove details about data subjects • Privacy by default • Process oriented design • Information to the user • User has access to control personal information • Enforcement of privacy; responsibilities and processes • Vulnerability minimization & threat modeling
  • 11. Coding • Generally accepted tools & frameworks • Control of API’s, third-party libraries etc • Static code analysis (secure coding principles) • Source code review
  • 12. Testing • Checklist from design phase should be verified • Security testing (vulnerability scans) • Dynamic testing (user access, security errors) • Fuzzing • Penetration testing / vulnerability analysis • Threat model analysis / attack surface review
  • 13. Release to production • Incident handling procedures • Internal • External • Governance reporting • Customer reporting • Doc review of previous steps for consistency & completeness • Head of security/privacy final approval before push to production
  • 14. Maintenance • Incident management & error handling • Operations, maintenance & development of software
  • 15.
  • 16. I am not going to waste any more of your time, but the potential of additional user damages due to «Impact Team» being provoked by the slow legal process etc may keep the story in the media. Tell the audience and others and warn them about the psychological hell a little bit of rashness online can lead to. I am almost a completely broken man, and I don’t know if I will ever be able to stand up again. And I had a life full of great qualities. Not as whining, but as a «matter of fact» and a strong warning.
  • 17. per@thorsheim.net +47 90 99 92 59 (Signal|Wire|Whatsapp) @thorsheim