GDPR - enquiry - iot
-
How about the remote file shredder? (Proposed as an April fool's joke by I-can't-remember-who)
Ad astra - both ways!
-
Quick Google search produced this: General Data Protection Regulation (GDPR)[^] May lead you to what you are looking for?
Who wrote that document? It's so clear that I am amazed -- did not expect that. :thumbsup: Also, before I read that I thought GDPR was more stupid legislation that would mostly stifle innovation. However, that document really makes things clear that it is about stopping people from collecting data from you without your consent and making it far more clear when they do collect data from you. Thanks for posting that. Very good.
-
Who wrote that document? It's so clear that I am amazed -- did not expect that. :thumbsup: Also, before I read that I thought GDPR was more stupid legislation that would mostly stifle innovation. However, that document really makes things clear that it is about stopping people from collecting data from you without your consent and making it far more clear when they do collect data from you. Thanks for posting that. Very good.
I can assure you that the official EU document is exactly what you would expect. Oh, and it will stifle certain types of innovation. Farcebook is moving its stored data away from the EU. :)
Wrong is evil and must be defeated. - Jeff Ello
-
If another forum better then the lounge for this, let me know. What are the GDPR rules for my Lightbulb indication software? So given I have a bunch of lightbulbs that will connect over the internet to a web server, which you can log into in a brower to see gathered on/off states of your lightbulbs. now in the server side of things, you can mark up the lightbulbs as much as you want. Meaning you can put in say lightbulb 1365 is in Room: Billys Room, at 14 Acre Road, London. The sensor only transmit out its ID and state of on/off. It has no location information. So the discussion, in my view, is left to the user to put in what every details they want. What obligations do I need to get consent from to indicate that the service provide (me) needs to get? A side from clear sign up indication like: The details you choose to enter are totatly up to you. All sensor data is clear of GEO Location or specific details. Details entered only stored on service side, and used on your report pages. Not even understood the cookie thing, because to remove the message that you don't want cookie tracking, you would keep that information in a cookie so you dont prompt the user constantly.
GDPR is a big hairy mess that many people are doing what they can, within their means, and just hoping and praying. You need to 1. Demonstrate you are controlling access to your data. Only those who should get access get access, and only to the data they need 2. Demonstrate you are securing your data. Eg if someone hacks your system and gets your data, personal info is still safe due to encryption 3. Provide your users with the ability to be forgotten. That means every single piece of personally identifiable info about them, including IP address (including in web logs) must be purged on request 4. Provide data portability: your users need to be able to access the data you have on them and be able to send it in legible form to someone else 5. Announce if you've had a data breach The devil's in the details. Good luck.
cheers Chris Maunder
-
GDPR is a big hairy mess that many people are doing what they can, within their means, and just hoping and praying. You need to 1. Demonstrate you are controlling access to your data. Only those who should get access get access, and only to the data they need 2. Demonstrate you are securing your data. Eg if someone hacks your system and gets your data, personal info is still safe due to encryption 3. Provide your users with the ability to be forgotten. That means every single piece of personally identifiable info about them, including IP address (including in web logs) must be purged on request 4. Provide data portability: your users need to be able to access the data you have on them and be able to send it in legible form to someone else 5. Announce if you've had a data breach The devil's in the details. Good luck.
cheers Chris Maunder
So, in every point things you would want to know from your outsourcing company. Right?
Wrong is evil and must be defeated. - Jeff Ello
-
-
GDPR is a big hairy mess that many people are doing what they can, within their means, and just hoping and praying. You need to 1. Demonstrate you are controlling access to your data. Only those who should get access get access, and only to the data they need 2. Demonstrate you are securing your data. Eg if someone hacks your system and gets your data, personal info is still safe due to encryption 3. Provide your users with the ability to be forgotten. That means every single piece of personally identifiable info about them, including IP address (including in web logs) must be purged on request 4. Provide data portability: your users need to be able to access the data you have on them and be able to send it in legible form to someone else 5. Announce if you've had a data breach The devil's in the details. Good luck.
cheers Chris Maunder
That all sounds eminently sensible for me, and a long overdue rebalance of rights in favour of the consumer. The recent Cambridge Analytica/Facebook fiasco should be sufficient evidence of the need for this.
"If you don't fail at least 90 percent of the time, you're not aiming high enough." Alan Kay.
-
That all sounds eminently sensible for me, and a long overdue rebalance of rights in favour of the consumer. The recent Cambridge Analytica/Facebook fiasco should be sufficient evidence of the need for this.
"If you don't fail at least 90 percent of the time, you're not aiming high enough." Alan Kay.
It is all common sense. Except it's hard. It's like they want to make a car 100% safe and have zero fatalities, but they also want a car that people actually enjoy driving and more important, want to buy. Take backups as an example. Backups contain Personally Identifiable Info (PII). If someone requests to be forgotten then they need to be purged everywhere. EVERYWHERE. Except who is going to go and screw around with their backups to purge data from backups? You'd want to make a backup before such a dangerous operation, right? It's also a little vague. It talks about a Data Subject not EU citizen, and the consensus is that this means anyone in the EU. So an Australian on holidays to the EU has the rights the GDPR instills simply by being in the EU. However, how do you prove someone's actually in the EU when they make a right to be forgotten request? What if they access the internet via a VPN or Proxy that's based in the States? Essentially you have assume the GDPR applies to everyone on the planet. Given that there are about 100 of these types of regulations around it's become the case that you have to cater to the lowest common denominater. The burden on companies who are honestly trying to do the right thing and are barely making it through their day dealing with their actual business is overwhelming. They basically live with the Sword of Damocles hanging over them.
cheers Chris Maunder
-
So, in every point things you would want to know from your outsourcing company. Right?
Wrong is evil and must be defeated. - Jeff Ello
I'm sure it's causing a few coronary episodes among data providers.
cheers Chris Maunder
-
I'm sure it's causing a few coronary episodes among data providers.
cheers Chris Maunder
I'm sure it does. But is that a bad thing? It makes them straighten up their business.
Wrong is evil and must be defeated. - Jeff Ello