GDPR for Developers [presentation]

At a recent meetup in Amsterdam I talked about GDPR from a technical point of view, effectively turning my “GDPR – a practical guide for developers” article into a talk.

You can see the slides here:

If you’re interested, you can also listen to a shortened version of the presentation on a webinar organized by AxonIQ, where I joined Frans van Buul.

The interesting thing I can share after the meetup, and after meeting with clients, is that everyone (perhaps unsurprisingly) has a very specific question that doesn’t get an immediate answer even after following the general guidelines. That is arguably a problem on the Regulation’s side, as it has not brought sufficient clarity to businesses.

As I said during the presentation – in technology we’re used to binary questions. In law and legal compliance the answer is somewhere on a scale from 1 to 10. “Do I have to encrypt my data at rest?” Well, I guess yes, but in terms of compliance I’d say “6 out of 10”, as it is not a strict requirement; it depends on multiple people’s interpretation of the sensitivity of the data and on other factors, such as access control.

So communication between legal and technical people is key to understanding exactly which implementation changes are needed.

  1. Hi,
    I’d like to ask what is your recommendation to comply with GDPR in the following case:
    – you’re running a company with an email server, and someone writes you a letter signed with his name and address, but there is no consent to process his data.
    What should you do according to GDPR?

  2. The consent is implicit. If they’ve sent you an email, it’s obvious that they agree to you processing their data. You may actually qualify this as “legitimate interest” as well. I don’t think anyone can make a case about processing emails in this scenario 🙂

