Something about cookies and GDPR.

https://www.cookielaw.org/blog/2016/5/13/the-gdpr,-cookie-consent-and-customer-centric-privacy/

2017-06-03 0:06 GMT+01:00 Carlos Kitu <carlos.k...@gmail.com>:

> Hi Antonio,
> I don't know the UK regulations about GDPR, but I know the Spanish ones,
> and in this subject both countries apply the European regulation, thus I
> think that they must be quite similar.
> The Spanish data protection regulations define three levels of security
> for personal data, related to a degree of sensitivity. Each level requires
> different means of protection.
> As far as I remember, at the highest level you are not required to encrypt
> the data stored at the server. You are requested to encrypt the data stored
> in removable media to be transported to another place (i.e. to send data, or
> to keep backup copies off-site), this is related to backup software, not
> the application or databases. Of course you are required to cipher your
> communication with the browser, with https. Another requirement is to track
> every change of the high security level data (previous value, updated
> value, access date, who accessed), but you can do that easily with the
> framework with oncreation functions, for example.
>
> Personal data protection involves formal measures (like getting explicit
> consent to record the information), and technical measures. Another
> difficult issue is the IT service providers (i.e. hosting). If you use a
> hosting service, you need specific contract clauses to address the Personal
> data issue. And you can't put the data anywhere. It must be in a European
> country, or a country with an equivalent regulation level (see this link:
> https://www.theguardian.com/technology/2015/oct/06/safe-harbour-european-court-declare-invalid-data-protection)
>
> With regard to the article:
> *In the UK, the Information Commissioner has provided guidance that, in
> the case of data loss where encryption software has not been used to
> protect the data, regulatory action may be pursued.*
> I think that they are speaking about losing removable unciphered media. If
> there is a data loss in your premises, there is no risk of disclosing
> personal data, just of losing personal information, which is also punished
> by that regulation.
>
> *The study revealed that 34% of web pages of FT30 firms that collect PII
> are doing so insecurely, 29% are not using encryption, 3.5% are using
> vulnerable encryption algorithms, and 1.5% have expired security
> certificates.*
> This may be related to the communications. If you use https I think that
> you are safe.
>
> I suggest you have a look at the Personal data protection regulations,
> because newspapers are an incomplete source, at best.
>
> And if you still need to cipher the data at the server, there is a long
> post here
> <https://groups.google.com/forum/#!searchin/web2py/filter_in$20encryption%7Csort:relevance/web2py/uGFQD0PBefQ/GJ0kdGoTHigJ>
> about this subject, with this example:
> db.define_table('contact',
>     Field('user_id', db.auth_user, default=auth.user_id, readable=False, writable=False),
>     Field('email', label='Contact email'),
>     Field('phone', label='Contact phone')
> )
>
> db.contact.email.requires = [IS_EMAIL(error_message="Wrong email address")]
> db.contact.phone.requires = [IS_LENGTH(maxsize=30, error_message="Bit too long, right?")]
> # w2p_encrypt() and w2p_decrypt() are not defined in this snippet.
> # filter_in runs on a value before it is stored, filter_out when it is read back.
> db.contact.email.filter_in = lambda value: w2p_encrypt(value)
> db.contact.phone.filter_in = lambda value: w2p_encrypt(value)
> db.contact.email.filter_out = lambda value: w2p_decrypt(value)
> db.contact.phone.filter_out = lambda value: w2p_decrypt(value)
>
> Good luck and best regards.
>
> On Thursday, June 1, 2017, 12:40:15 (UTC+2), Ramos wrote:
>>
>> I have 3 apps where I need to address this issue...
>>
>>
>> http://www.computerweekly.com/news/450419960/Top-UK-firms-websites-violate-key-GDPR-principle?utm_medium=EM&asrc=EM_EDA_77932701&utm_campaign=20170601_Top%20UK%20firms%E2%80%99%20websites%20violate%20key%20GDPR%20principle&utm_source=EDA
>>
>> Regards
>> António
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
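
The change-tracking requirement described in the quoted message (previous value, updated value, date, who made the change), as an added example that is not part of the thread. It uses Python's built-in sqlite3 as a stand-in for a web2py model; the contact_audit table, the trigger names and the function names are assumptions.

```python
import sqlite3
from datetime import datetime, timezone

AUDITED = ("email", "phone")  # sensitive columns of the thread's contact table

SCHEMA = """
CREATE TABLE contact (id INTEGER PRIMARY KEY, user_id INTEGER, email TEXT, phone TEXT);
CREATE TABLE contact_audit (
    id INTEGER PRIMARY KEY, contact_id INTEGER, field TEXT,
    old_value TEXT, new_value TEXT, changed_by INTEGER, changed_at TEXT);
-- Make the trail append-only for ordinary UPDATE/DELETE statements.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON contact_audit
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON contact_audit
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def update_contact(db, contact_id, actor_id, **changes):
    """Apply changes; write one audit row per modified field in the same transaction."""
    unknown = set(changes) - set(AUDITED)
    if unknown:
        raise ValueError("not an audited column: %s" % sorted(unknown))
    now = datetime.now(timezone.utc).isoformat()
    with db:  # data change and audit rows commit or roll back together
        row = db.execute("SELECT email, phone FROM contact WHERE id = ?",
                         (contact_id,)).fetchone()
        if row is None:
            raise LookupError("no contact %r" % contact_id)
        current = dict(zip(AUDITED, row))
        for field, new in changes.items():
            if current[field] == new:
                continue  # unchanged values add no audit rows
            # field was checked against AUDITED above, so interpolating it is safe
            db.execute("UPDATE contact SET %s = ? WHERE id = ?" % field, (new, contact_id))
            db.execute("INSERT INTO contact_audit (contact_id, field, old_value,"
                       " new_value, changed_by, changed_at) VALUES (?, ?, ?, ?, ?, ?)",
                       (contact_id, field, current[field], new, actor_id, now))

def history(db, contact_id):
    """Return (field, old_value, new_value, changed_by, changed_at) per change."""
    return db.execute("SELECT field, old_value, new_value, changed_by, changed_at"
                      " FROM contact_audit WHERE contact_id = ? ORDER BY id",
                      (contact_id,)).fetchall()
```

The audit table ends up holding the same personal data as the contact table, so whatever protection applies to the source columns applies to it as well.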
