Just found the solution for pseudonymization of personal data as suggested
by GDPR

http://www.web2pyslices.com/slice/show/2012/encrypt-information-into-the-database

Web2py is GDPR ready!

Regards
António





2017-07-04 22:26 GMT+01:00 António Ramos <ramstei...@gmail.com>:

> Something about cookies and GDPR.
>
> https://www.cookielaw.org/blog/2016/5/13/the-gdpr,-cookie-consent-and-customer-centric-privacy/
>
> 2017-06-03 0:06 GMT+01:00 Carlos Kitu <carlos.k...@gmail.com>:
>
>> Hi Antonio,
>> I don't know the UK regulations about GDPR, but I know the Spanish ones,
>> and in this subject both countries apply the European regulation, thus I
>> think that they must be quite similar.
>> The Spanish data protection regulations define three levels of security
>> for personal data, related to a degree of sensitivity. Each level requires
>> different means of protection.
>> As far as I remember, at the highest level you are not required to
>> encrypt the data stored at the server. You are requested to encrypt the
>> data stored in removable media to be transported to another place (i.e. to
>> send data, or to keep backup copies off-site), this is related to backup
>> software, not the application or databases. Of course you are required to
>> cipher your communication with the browser, with https. Another requirement
>> is to track every change of the high security level data (previous value,
>> updated value, access date, who accessed), but you can do that easily with
>> the framework with oncreation functions, for example.
>>
>> Personal data protection involves formal measures (like getting explicit
>> consent to record the information), and technical measures. Another
>> difficult issue is the IT service providers (i.e. hosting). If you use a
>> hosting service, you need specific contract clauses to address the Personal
>> data issue. And you can't put the data anywhere. It must be in a European
>> country, or a country with an equivalent regulation level (see this link:
>> https://www.theguardian.com/technology/2015/oct/06/safe-harbour-european-court-declare-invalid-data-protection)
>>
>> With regard to the article:
>> *In the UK, the Information Commissioner has provided guidance that, in
>> the case of data loss where encryption software has not been used to
>> protect the data, regulatory action may be pursued.  *
>> I think that they are speaking about losing removable unciphered media.
>> If there is a data loss in your premises, there is no risk of disclosing
>> personal data, just of losing personal information, which is also punished
>> by that regulation.
>>
>> *The study revealed that 34% of web pages of FT30 firms that collect PII
>> are doing so insecurely, 29% are not using encryption, 3.5% are using
>> vulnerable encryptions algorithms, and 1.5% have expired security
>> certificates.*
>> This may be related with the communications. If you use https I think
>> that you are safe.
>>
>> I suggest you have a look at the Personal data protection regulations,
>> because the newspapers are an incomplete source, at best.
>>
>> And if you still need to cipher the data at the server, there is a long
>> post here
>> <https://groups.google.com/forum/#!searchin/web2py/filter_in$20encryption%7Csort:relevance/web2py/uGFQD0PBefQ/GJ0kdGoTHigJ>
>> about this subject, with this example:
>> # w2p_encrypt / w2p_decrypt are not defined in this snippet
>> db.define_table('contact',
>>     Field('user_id', db.auth_user, default=auth.user_id,
>>           readable=False, writable=False),
>>     Field('email', label='Contact email'),
>>     Field('phone', label='Contact phone')
>> )
>>
>> db.contact.email.requires = [IS_EMAIL(error_message="Wrong email address")]
>> db.contact.phone.requires = [IS_LENGTH(maxsize=30, error_message="Bit too long, right?")]
>> # Encrypt on the way into the database, decrypt on the way out
>> db.contact.email.filter_in = lambda value: w2p_encrypt(value)
>> db.contact.phone.filter_in = lambda value: w2p_encrypt(value)
>> db.contact.email.filter_out = lambda value: w2p_decrypt(value)
>> db.contact.phone.filter_out = lambda value: w2p_decrypt(value)
>>
>> Good luck and best regards.
>>
>> On Thursday, June 1, 2017, 12:40:15 (UTC+2), Ramos wrote:
>>>
>>> I have 3 apps where I need to address this issue...
>>>
>>>
>>> http://www.computerweekly.com/news/450419960/Top-UK-firms-websites-violate-key-GDPR-principle?utm_medium=EM&asrc=EM_EDA_77932701&utm_campaign=20170601_Top%20UK%20firms%E2%80%99%20websites%20violate%20key%20GDPR%20principle&utm_source=EDA
>>>
>>> Regards
>>> António
>>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
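
Added example, not part of the original messages and not web2py code: the first message mentions pseudonymization, and the quoted filter_in/filter_out snippet encrypts fields, so this sketch shows a keyed pseudonym (HMAC-SHA256) next to a bare hash that can be matched from a guess list. All function names, the demo key and the sample addresses are constructed for illustration; lower-casing addresses before hashing is an assumption about how lookups should match.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo key; a real key lives in a secret store, never in the
# database that holds the pseudonyms.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def normalise(value):
    """Canonical form so 'Ana@Example.com ' and 'ana@example.com' match."""
    return unicodedata.normalize("NFKC", value).strip().casefold()


def pseudonymise(value, key=DEMO_KEY, context=b"contact.email"):
    """Keyed, deterministic pseudonym for one column.

    `context` separates columns, so the same string stored in two fields
    does not produce linkable tokens.
    """
    msg = context + b"\x00" + normalise(value).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def unkeyed_digest(value):
    """What not to store: a bare hash anyone can recompute from a guess."""
    return hashlib.sha256(normalise(value).encode("utf-8")).hexdigest()


def matches(candidate, stored_token, key=DEMO_KEY):
    """Lookup by pseudonym, compared in constant time."""
    return hmac.compare_digest(pseudonymise(candidate, key), stored_token)


def recoverable_from(stored, known_values, digest):
    """Audit check: which known values reproduce the stored token?"""
    return [v for v in known_values if hmac.compare_digest(digest(v), stored)]
```

A stored value that recoverable_from can match using only a public hash function is not pseudonymized in any useful sense; with the keyed version the same check comes back empty unless the caller holds the key.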
