|
|
|
|
|
- Overview
- Personal data
- Definition
- Main rights of data subject
- Legal obligations
- Technical solutions
- Data encryption and protection
- Anonymization and pseudonymization
- Identification of users
- Pseudonymization
- Principle
- Secure enclave
- Vocabulary
- Privacy by Design
- Privacy by Default
- Pseudonymization (article 4.5)
- Consent (article 4.11)
- References
From May 25, 2018, the GDPR (General Data Protection Regulation) replaced the "Informatique et Libertés" law in force since January 6, 1978. The purpose of GDPR is to reinforce and standardize in all European countries the rights of physical persons regarding the protection of personal data. This help page presents an overview of GDPR. To find out the GDPR requests and the solutions proposed by WINDEV/WEBDEV and WINDEV Mobile, see: Definition According to article 4.1, is considered as being personal data: "any information relating to an identified or identifiable natural person (‘data subject') ; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ;". This definition is very broad and it includes not only data such as the email address or the IP address but also couples of information such as the name and the city. Therefore, GDPR is not limited to personal "sensitive" data (religion, biometric data, etc.) with a specific and restricting pane in GDPR. Main rights of data subject The main rights supplied by GDPR to the data subject whose personal data is stored in files are as follows: - Right to be informed and right of access: you must provide individuals with information regarding your purposes for processing their personal data (see "content")
- Right to rectification and to erasure: personal data can be rectified or erased upon request.
- Right to restrict processing: individuals have a right to limit processing of personal data in specific conditions.
- Right to data portability: you must provide the personal data in a structured, commonly used and machine readable form.
- Right to object: Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).
The officer responsible for the processing of personal data must comply with a set of obligations defined in GDPR: - Data protection by implementing technical and organisational measures to show that you have considered and integrated data protection into your processing activities.
- Data protection during design ("Privacy by Design") and data protection by default ("Privacy by Default").
- Records of processing activities.
- Notification of personal data breaches.
- Implementation of impact assessments (on "sensitive" processes).
Several technical solutions can be implemented to comply with the GDPR instructions. It is important to remind that the employees of a company hosting personal data must process all personal data lawfully, fairly and in a transparent manner. Indeed, GDPR asks the companies to control and limit the access to personal data. GDPR provides no "read-to-use" solutions but it provides indications such as the article 25: "Data protection during design and data protection by default" (see "Vocabulary", "Privacy by Design" and "Privacy by Default"). Data encryption and protection The encryption and protection of personal data are essential but not sufficient to comply with GDPR. Anonymization and pseudonymization Data anonymization, if it is extensive, allows to exit from GDPR perimeter. However, it is very difficult to implement according to the business areas. Indeed, data anonymisation must be irreversible. Data pseudonymisation is an "easier" solution recommended by GDPR. Identification of users Identifying the users of applications accessing personal data is essential. What is the purpose of encrypting data if all users can access keys? Therefore, it is essential to precisely identify the actions of users regarding personal data: the simple access (if allowed), the reason and the creation of a history. Principle Pseudonymization consists in generating an "identifier" that is used to establish the link between personal data of data subjects. These identifiers must be stored in a secure way with a strong access control. The data is not anonymous but it cannot be identified. However, with this type of technique, it remains possible to establish the link between "identifier" and "individual" by owning the correspondence database. Therefore, this data must be protected in an efficient way and accesses to data must be controlled. Secure enclave The principle of secure enclave is used to fulfill several GDPR issues. It consists in storing personal data in one or more enclaves. According to this principle, only the enclave can establish the link with an individual. The secure enclave guarantees the data protection. Using a secure enclave allows you to easily manage the right to be forgotten (all you have to do is erase data from the enclave for the requested individual). Privacy by Design Privacy by Design is an approach to projects that promotes privacy and data protection compliance from the start. This concept is based on 7 principles: - The Privacy by Design approach is characterized by proactive rather than reactive measures ; it anticipates and prevents privacy invasive events before they happen,
- Privacy by Design seeks to deliver the maximum degree of privacy,
- Privacy by Design is embedded into the design and architecture of IT systems and business practices,
- Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made,
- Privacy by Design extends securely throughout the entire lifecycle of data involved,
- Privacy by Design seeks visibility and transparence,
- Respect the users.
Privacy by Default Privacy by Default means that once a product or service has been released to the public, the strictest privacy settings should apply by default. The concept of Privacy by Default is linked to the concept of "Privacy by Design" but it is mainly based on the processing and on the management of consents. Pseudonymization (article 4.5) "[..] 'pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;". Consent (article 4.11) "[..] 'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;". References - GDPR, official text: "http://eur-lex.europa.eu/legal-content/FR/TXT/HTML/?uri=CELEX:32016R0679&from=FR"
- Information and privacy commissioner of Ontario: "https://www.ipc.on.ca"
This page is also available for…
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|