Difference between revisions of "General Data Protection Regulation"

From GnuCash
Jump to: navigation, search
(Abstract)
 
m ({{*Url}} -> {{URL:*}})
 
(8 intermediate revisions by 3 users not shown)
Line 3: Line 3:
 
You can read or download the official document in all EU languages and several formats as [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG EUR-Lex Document 32016R0679].
 
You can read or download the official document in all EU languages and several formats as [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG EUR-Lex Document 32016R0679].
  
== Who is affected ==
+
== Intro ==
 +
While there is some fear about it because of penalties up to <code>max (20 Mio. EUR; 4% of annual global revenue)</code>, others see chances for FOSS:
 +
:Marc Jones: FOSS and the GDPR - Overview of key changes to EU privacy law that FOSS can use to promote individual's privacy and autonomy ([https://archive.fosdem.org/2017/schedule/event/foss_and_the_gdpr/attachments/slides/1641/export/events/attachments/foss_and_the_gdpr/slides/1641/gdpr_foss.pdf slides], [https://www.youtube.com/watch?v=Jl5t-wdiRmk video]) at [https://fosdem.org/ FOSDEM] 2017.
 +
A nice abstract is [https://opensource.com/article/18/4/gdpr-impact How will the GDPR impact open source communities?].
 +
=== ePrivacy aka Cookie Law ===
 +
It is the sibbling of GDPR. Its final main target are tools like ''Google Analytics''. And it needs a review on {{URL:www}} as that stores at least a language cookie.
 +
 
 +
== Organisation-wide Data Audit ==
 +
Identify
 +
* what data you have,
 +
* where it is and
 +
* how it is being used.
 +
 
 +
* Distinguish between personal and non-personal data,
 +
* identify its use,
 +
* the processes applied to it and
 +
* the legal considerations.
 +
 
 +
Final takeaways to become GDPR-compliant:
 +
* Request for consent and purpose of data collected must be intelligible – for sensitive personal data, users will have to “opt in” rather than “opt out”
 +
* Individuals must have the right to access their data:
 +
* Individuals must have the right to withdraw consent and prevent further dissemination of data:
 +
* Those concerned must be notified if there is a security breach.
 +
---
 +
 
 +
[https://code.gnucash.org/logs/2018/05/24.html#T19:52:55 Notes from 2018-05-24 on IRC]
 +
 
 +
== Open Questions ==
 +
* How does GDPR interact with the GnuCash mailing lists, bugzilla, git repositories, IRC Logs, and/or wiki?
 +
* What changes (if any) should/must we make to the GnuCash mailing lists and archives?
 +
* What do we do if a user asks for their old posts to be removed?

Latest revision as of 01:57, 30 January 2024

In May 2018 EUs General Data Protection Regulation (GDPR) finally replaced Directive 95/46/EC.

You can read or download the official document in all EU languages and several formats as EUR-Lex Document 32016R0679.

Intro

While there is some fear about it because of penalties up to max (20 Mio. EUR; 4% of annual global revenue), others see chances for FOSS:

Marc Jones: FOSS and the GDPR - Overview of key changes to EU privacy law that FOSS can use to promote individual's privacy and autonomy (slides, video) at FOSDEM 2017.

A nice abstract is How will the GDPR impact open source communities?.

ePrivacy aka Cookie Law

It is the sibbling of GDPR. Its final main target are tools like Google Analytics. And it needs a review on https://www.gnucash.org/ as that stores at least a language cookie.

Organisation-wide Data Audit

Identify

  • what data you have,
  • where it is and
  • how it is being used.
  • Distinguish between personal and non-personal data,
  • identify its use,
  • the processes applied to it and
  • the legal considerations.

Final takeaways to become GDPR-compliant:

  • Request for consent and purpose of data collected must be intelligible – for sensitive personal data, users will have to “opt in” rather than “opt out”
  • Individuals must have the right to access their data:
  • Individuals must have the right to withdraw consent and prevent further dissemination of data:
  • Those concerned must be notified if there is a security breach.

---

Notes from 2018-05-24 on IRC

Open Questions

  • How does GDPR interact with the GnuCash mailing lists, bugzilla, git repositories, IRC Logs, and/or wiki?
  • What changes (if any) should/must we make to the GnuCash mailing lists and archives?
  • What do we do if a user asks for their old posts to be removed?