GDPR or: How I Stopped Worrying and Love My Users
Holger Frohloff 1
Holger Frohloff
☞ Developer for over 10 years
☞ Freelancer & consultant helping companies with Rails and ReactJS
☞ Credit card data stolen (ca. €2.500 in 2009)
☞ Affected by breaches: MyFitnessPal (2018), BrowserStack (2014), Kickstarter (2014), Gawker (2010) and others
☞ Private photo sharing platform (2013)
German Bundestag | Picture by Thomas Quine (CC-BY-2.0)
Mossack Fonseca - Panama Papers | Picture by Falco Emert (CC-BY-2.0)
Texas Lottery | Picture by Wil C. Fry (CC BY-NC-ND 2.0)
Picture by shopcatalog.com (CC BY 2.0)
Visualization: Information is Beautiful, http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
GDPR: General Data Protection Regulation
The history
☞ Adopted by the European Parliament in April 2016 as Regulation (EU) 2016/679; entered into force in May 2016.
☞ Applies from 25 May 2018, after a two-year transition period; as a regulation it is directly applicable in every member state, no national implementing law is needed.
☞ Builds on the OECD privacy guidelines of 1980 and replaces the Data Protection Directive 95/46/EC of 1995.
Who does it apply to (Article 3)
☞ Organizations established in the EU, regardless of whether the processing itself takes place in the EU
☞ Organizations outside the EU, if they offer goods or services to, or monitor the behaviour of, data subjects in the EU
☞ The trigger is processing personal data of people who are in the EU; neither the company's location nor the person's citizenship or residence decides it
Violations and fines | Photo by Gerry Lauzon (CC-BY-2.0)
Violations and fines (Article 83)
☞ Lower tier: up to €10 million or 2% of annual global turnover, whichever is higher (e.g. missing processing records, late breach notification, no DPIA where one was required)
☞ Upper tier: up to €20 million or 4% of annual global turnover, whichever is higher (e.g. breaching the basic principles, the rules on consent, data subject rights, or international transfers)
Personal data (Article 4(1))
☞ Any information relating to an identified or identifiable natural person (the 'data subject')
☞ Identifiable directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier, or factors specific to the person
☞ Examples: a name, a photo, an email address, bank details, posts on social networking websites, medical information, or an IP address (online identifiers count even when you cannot name the person behind them)
Key points
Consent
Right of access
Data portability
Right to be forgotten
Privacy by design
Privacy by default
Consent (Article 7)
☞ Presented in an intelligible and easily accessible form, using clear and plain language
☞ Clearly distinguishable from other matters (not buried in the terms of service), and the controller must be able to demonstrate that consent was given
☞ Giving and withdrawing made equally easy; consent can be withdrawn at any time
Consent (Article 7(2))
❝Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.❞
Right of access (Article 15)
☞ Confirmation whether or not personal data concerning them is being processed, and if so the purposes, the categories of data, the recipients, the planned retention period, and where the data came from
☞ A copy of their data, free of charge for the first copy; if the request was made electronically, in a commonly used electronic form
☞ At any time; the answer is due without undue delay and within one month (Article 12(3))
Data portability (Article 20)
☞ Receive the data they provided in a structured, commonly used and machine-readable format
☞ Transmit it to another controller without hindrance; where technically feasible, have it transmitted directly from one controller to the other
☞ Free of charge (Article 12(5))
Right to be forgotten (Article 17)
☞ Erasure of personal data without undue delay, e.g. when it is no longer needed for its purpose, consent is withdrawn, the person objects, or the processing was unlawful
☞ Halt processing with third parties: tell your processors to stop, and if you made the data public, inform other controllers so they remove links and copies too
☞ Not absolute: data required to meet a legal obligation (invoices kept for tax law) or to defend legal claims may be retained
☞ A little respect
Photo by Andwhatsnext on Wikipedia (CC-BY-SA-3.0)
Privacy by design & privacy by default (Article 25)
☞ Data protection measures (pseudonymization, data minimisation) are built into the design of the processing from the start, not bolted on afterwards
☞ By default, only the personal data necessary for each specific purpose is processed: in the amount collected, the extent of processing, the storage period and who can access it; the most protective setting is the standard one
Privacy by Default framework, and why the GDPR makes sense
Data Protection Impact Assessments (DPIA, Article 35)
☞ Required where processing is likely to result in a high risk to individuals (systematic profiling, large-scale processing of health or other special-category data, systematic monitoring of public areas); makes sense for almost every bigger project
☞ Results accessible to all parties involved
☞ Describes the processing and its purpose, why it is necessary and proportionate, the risks to data subjects, and the measures taken to address them
Data collection and retention
☞ What data is collected and how is it processed? Where is it stored (which cloud provider, which region)?
☞ How long is it kept? When and how is it deleted?
☞ What is the legal basis? If consent: is it explicit, and can you prove it was given?
☞ Can users control retention themselves?
Technical and security measures (Article 32)
☞ Do you use encryption, anonymization, pseudonymization? Where are the keys kept, and who can reach them?
☞ Backups? How are they made, how often, how are they protected, and do erasure requests reach them too?
☞ Which technical and security measures does the hosting provider (AWS etc.) offer, and which of them have you actually switched on?
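The three measures on this slide in code, as an added example that is not part of the original talk: keyed pseudonymization of an email address, truncation of client IP addresses, and authenticated encryption of a database field at rest, in Ruby because the talk is aimed at Rails developers. The keys are generated at load time only so the example runs on its own; in a real deployment they come from a secret store or KMS. Using the column name as associated data for the encryption is an assumed convention, not something the talk prescribes.

```ruby
require "openssl"
require "securerandom"
require "base64"
require "ipaddr"

# Keys belong outside the application database (a KMS, an HSM, or at least a
# separate secret store) so that a dump of the database alone reveals nothing.
# They are generated at load time here only so the example runs stand-alone.
PSEUDONYM_KEY = SecureRandom.random_bytes(32)
DATA_KEY = SecureRandom.random_bytes(32)

# Pseudonymization (Art. 4(5)): a keyed HMAC maps an identifier to a stable
# token. Analytics and support tooling can join on the token, but nobody
# without PSEUDONYM_KEY can get from the token back to the person. A plain
# SHA-256 of the email would not do: anyone can hash a list of likely
# addresses and match them against the table.
def pseudonymize(identifier, key: PSEUDONYM_KEY)
  OpenSSL::HMAC.hexdigest("SHA256", key, identifier.strip.downcase)
end

# Anonymization of client IP addresses for logs and analytics: drop the host
# part (the last octet for IPv4, everything after the /48 for IPv6) before
# the address is ever written to storage.
def anonymize_ip(ip)
  addr = IPAddr.new(ip)
  addr.mask(addr.ipv4? ? 24 : 48).to_s
end

# Encryption at rest: AES-256-GCM with a fresh random nonce per value. The
# authentication tag makes a modified ciphertext fail to decrypt instead of
# silently yielding garbage, and the column name goes in as associated data
# (an assumed convention) so a ciphertext copied into another column fails too.
# Stored layout: base64(nonce || tag || ciphertext).
def encrypt_field(plaintext, key: DATA_KEY, context: "users.email")
  raise ArgumentError, "nothing to encrypt" if plaintext.empty?
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  nonce = cipher.random_iv            # 12 random bytes, never reused with this key
  cipher.auth_data = context
  ciphertext = cipher.update(plaintext) + cipher.final
  Base64.strict_encode64(nonce + cipher.auth_tag + ciphertext)
end

# Returns the plaintext, or nil when the key or context is wrong or the blob
# was tampered with (OpenSSL raises CipherError when the tag does not verify).
def decrypt_field(blob, key: DATA_KEY, context: "users.email")
  raw = Base64.strict_decode64(blob)
  nonce, tag, ciphertext = raw[0, 12], raw[12, 16], raw[28..]
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = nonce
  cipher.auth_tag = tag
  cipher.auth_data = context
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  puts pseudonymize("Alice@Example.com")
  puts anonymize_ip("203.0.113.45")
  blob = encrypt_field("alice@example.com")
  puts blob
  puts decrypt_field(blob)
end
```

The pseudonym is deterministic on purpose (the same person always maps to the same token, so joins still work); the ciphertext is deliberately not, since every call draws a new nonce. Note that pseudonymized data is still personal data under the GDPR as long as the key exists somewhere; only the truncated IP is genuinely anonymized.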
Personnel
☞ Who has access to personal data, and is it limited to what each role needs?
☞ Data protection training?
☞ Which security measures do people work with day to day?
☞ Process for handling data breach notifications (Article 33: to the supervisory authority within 72 hours of becoming aware of the breach)?
☞ Process for government requests?
Data subject (access) rights
☞ How can they exercise their rights (access, portability, erasure)?
☞ How can they restrict processing of their data? How can they object to it?
☞ How can they withdraw consent, as easily as they gave it?
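One way to back the rights described on the Article 15, 17 and 20 slides above, and the retention and "how can they exercise their rights" questions of this framework, as an added example in plain Ruby that is not the author's code: a machine-readable export, an erasure routine that keeps invoices for their legal retention period but strips them of identifying fields and tells processors to stop, and a purge of records whose retention period has expired. The in-memory DataStore, the sample user and orders, and the ten-year invoice retention period are all constructed for the example; a Rails app would use ActiveRecord models in their place.

```ruby
require "json"
require "time"

# Assumed retention period for invoices (tax law in many EU states requires
# keeping them for years). The figure is an assumption for this example, not
# a number from the GDPR itself.
INVOICE_RETENTION_YEARS = 10

# Constructed in-memory stand-in for the app's database. A Rails app would
# use ActiveRecord models for users, orders and an erasure log instead.
class DataStore
  attr_reader :users, :orders, :erasure_log

  def initialize
    @users = {}        # id => { email:, name:, last_ip: }
    @orders = []       # { id:, user_id:, total_cents:, shipping_address:, created_at: }
    @erasure_log = []  # { user_id:, requested_at:, processors_notified: }
  end
end

# Constructed sample data: one user with a recent order and one old enough
# to have passed the invoice retention period.
def sample_store(now: Time.now.utc)
  store = DataStore.new
  store.users[1] = { email: "alice@example.com", name: "Alice", last_ip: "203.0.113.45" }
  store.orders << { id: 10, user_id: 1, total_cents: 1999, shipping_address: "Example St. 1",
                    created_at: now - 30 * 86_400 }
  store.orders << { id: 11, user_id: 1, total_cents: 4999, shipping_address: "Example St. 1",
                    created_at: now - 11 * 365 * 86_400 }
  store
end

# Art. 15 / Art. 20: everything held about the user, as structured JSON that
# the user (or the next controller) can actually parse.
def export_user_data(store, user_id, now: Time.now.utc)
  user = store.users.fetch(user_id)
  orders = store.orders.select { |o| o[:user_id] == user_id }
                       .map { |o| o.merge(created_at: o[:created_at].iso8601) }
  JSON.pretty_generate("exported_at" => now.iso8601,
                       "user" => user.merge(id: user_id),
                       "orders" => orders)
end

# Art. 17: erase on request. The user record goes. Invoices must stay for the
# legal retention period, so they are unlinked from the person and stripped of
# identifying fields instead of deleted. Each processor callback (name => proc
# returning true on success) is told to stop, and the request is logged with
# only the opaque id so the erasure can be demonstrated later.
def erase_user(store, user_id, processors:, now: Time.now.utc)
  raise KeyError, "no user #{user_id}" unless store.users.delete(user_id)
  store.orders.each do |o|
    next unless o[:user_id] == user_id
    o[:user_id] = nil
    o[:shipping_address] = nil
  end
  notified = processors.map { |name, stop| stop.call(user_id) ? name : nil }.compact
  entry = { user_id: user_id, requested_at: now.iso8601, processors_notified: notified }
  store.erasure_log << entry
  entry
end

# Retention: invoices past the legal period are deleted outright.
# Returns the number of records removed.
def purge_expired_orders(store, now: Time.now.utc)
  cutoff = now - INVOICE_RETENTION_YEARS * 365 * 86_400
  before = store.orders.size
  store.orders.reject! { |o| o[:created_at] < cutoff }
  before - store.orders.size
end

if __FILE__ == $PROGRAM_NAME
  store = sample_store
  puts export_user_data(store, 1)
  p erase_user(store, 1, processors: { "newsletter" => ->(_id) { true } })
  p purge_expired_orders(store)
end
```

The processors whose callback reports failure are left out of the log entry on purpose: that is the list you have to chase, and a log that claims everyone was notified is worse than none. Backups are the other place erased data survives; the retention and backup questions on the earlier slides apply to them as well.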
Legal
☞ Data processing agreements (Article 28) with all data processors, including their subcontractors?
☞ Is data transferred outside the EU?
☞ If yes, which safeguards are in place (adequacy decision, standard contractual clauses, binding corporate rules)?
Risks
☞ Which risks for data subjects exist (in case of misuse, breach, unauthorized access, loss)?
☞ Risks in case of modification?
☞ Main sources of risk?
☞ Steps for mitigation? Which are possible? Which have been taken?
Development workflow
Document it all
☞ Libraries
☞ Tools
☞ Frameworks
☞ Workflows
☞ Document how you write, test, review, document & deploy it
External libraries
☞ Are they safe? (Look for DPIAs or documentation about GDPR compliance)
☞ How do they handle security vulnerabilities (disclosure policy, fix and release process)?
☞ Do they collect or retain data themselves (telemetry, crash reports, calls to third-party services)?
☞ An opportunity for OSS authors to increase adoption by EU developers
Code reviews
☞ Code quality alone doesn't cut it anymore
☞ Also look at how data is handled, adherence to privacy by design, and possibilities for encryption, sandboxing etc.
What good comes from this?
We decide!
Thank you
☞ https://idiomaticrails.com/gdpr: My newsletter about privacy and technology (with double opt-in & 100% less tracking 😉)
☞ Twitter: 5minpause (rarely used)
☞ https://gdpr-info.eu/ A comprehensive website about the regulation
Sources #1
☞ Bundestag - Thomas Quine - https://flic.kr/p/d9bCDd
☞ Panama City - Falco Emert - https://flic.kr/p/FgbicY
☞ Estimated Cash Value: $496,000,000 - Wil C. Fry - https://flic.kr/p/C1wPYR
☞ Bend man - Marten Newhall on Unsplash - https://unsplash.com/photos/uAFjFsMS3YY
☞ TVintage - Ajeet Mestry on Unsplash - https://unsplash.com/photos/UBhpOIHnazM
Sources #2
☞ Parking Ticket Note - Gerry Lauzon - https://flic.kr/p/Aw1WP
☞ Info - Arvin Febry - https://unsplash.com/photos/V4mNfkDmiX4
☞ Thick Rope Knot - Robert Zunikoff - https://unsplash.com/photos/-yz22gsqAH0
☞ Step up - Mikito Tateisi - https://unsplash.com/photos/bJhT_8nbUA0
☞ Shopping in Amsterdam - Guus Baggermans - https://unsplash.com/photos/fbDPzqOXwuY
Sources #3
☞ Erasure, 1986 - Andwhatsnext - https://de.wikipedia.org/wiki/Erasure#/media/File:Erasure-andy-vince-wolfgangs-np.jpg
☞ Black Sign White Text - Kai Brame - https://unsplash.com/photos/QnYDCO6dFPk
☞ Cat beneath blanket - Mikhail Vasilyev - https://unsplash.com/photos/NodtnCsLdTE
☞ Paper Mountain - Christa Dodoo - https://unsplash.com/photos/MldQeWmF2_g
Sources #4
☞ Isolated - Jayka Herrera - https://unsplash.com/photos/gM3NL_uqDFE
☞ Guy Fawkes mask - Samuel Zeller - https://unsplash.com/photos/VPnmmVSJy1M
☞ Yellow Airport sign - Paul Green - https://unsplash.com/photos/gWFXgcH-LeU
☞ Elegant man loosening tie - Ben Rosett - https://unsplash.com/photos/WdJkXFQ4VHY
☞ House on the edge - Cindy Tang - https://unsplash.com/photos/
Sources #5
☞ Shelf full binders - Samuel Zeller - https://unsplash.com/photos/vpR0oc4X8Mk/info
☞ Open for business - Clem Onojeghuo - https://unsplash.com/photos/lYjEYq5iUGU
☞ Rechercher - Olloweb Solutions - https://unsplash.com/photos/d9ILr-dbEdg
