Login / Register 0 items | $0.00 New @ KVR
chipnix
KVRist
 
31 posts since 18 Sep, 2011

Postby chipnix; Mon May 07, 2018 7:13 am General Data Protection Regulation (GDPR) - useful/practical tips for small developers

I think there are many who are a little overwhelmed with it.
This thread is not intended to discuss how good or bad the GDPR is. It is also not intended for general political discussions, you can open another thread if somebody wants to discuss that.

https://en.wikipedia.org/wiki/General_D ... Regulation

This thread is intended to give practical tips, especially for small developers/one person companies how to handle the GPDR.

So what can you do to be GPDR compliant?

1. Don't Panic!

2. Make your Website HTTPS

3. Update your privacy policy

Whats your favourite resource for this?

4. Sign Data Processing Agreements

Google Analytics?
http://www.google.com/analytics/terms
(For some countries there are forms you can sign and send them to google)
http://www.google.com/analytics/terms/de.pdf

Mailchimp:
https://mailchimp.com/legal/forms/data- ... agreement/

What are your tips/suggestions?
User avatar
Urs
u-he
 
22230 posts since 7 Aug, 2002, from Berlin

Postby Urs; Mon May 07, 2018 7:31 am Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Minimize what you store about your customers, and for how long. Know where this information is stored, and who has access to it. Know what you store. Have that available in written form.

Each of us certainly need name, email address and license information to provide for customer support. It's common sense, I guess. So if anyone wants his records erased with us, we will request that he understands that license retrieval, license transfers and support are no longer possible. Alternatively, figure out what you accept as proof of purchase, should someone ask for support when his data was wiped. Maybe ask a lawyer.

If you travel abroad, wipe your laptop of any customer information.

Use locally hosted support/ticket systems.

If you have a database, keep it local. Consider hashing customer's email addresses. If a customer contacts you and you need to retrieve data, hash his email address and find a match. (the law encourages anonymization of data)

Delete backups you don't need anymore.

Say hi to your local data protection authority and let them know that you've taken all steps necessary to comply with GDPR.
quikquak
KVRist
 
375 posts since 6 Aug, 2005, from England

Postby quikquak; Mon May 07, 2018 2:44 pm Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

I’m allowed to keep share-it sales info that gets emailed and kept on my studio computer? It’ll be a massive pain if I can’t easily keep tabs on real purchase users. I guess I can just use Share-it’s records which is a little painful to use.
User avatar
Urs
u-he
 
22230 posts since 7 Aug, 2002, from Berlin

Postby Urs; Tue May 08, 2018 2:30 am Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

quikquak wrote:I’m allowed to keep share-it sales info that gets emailed and kept on my studio computer? It’ll be a massive pain if I can’t easily keep tabs on real purchase users. I guess I can just use Share-it’s records which is a little painful to use.

Of course you can keep them. You just need to document this and write that sheet which says who's handling those and what for.

I will probably delete them on a monthly schedule and keep nothing older than a quarter.

This whole thing is quite a bit about "if and once data is breached, have a really good reason why you had it in the first place". So if data isn't essential, remove it. If you can anonymize, do so. If someone handles the data (customer support, newsletter etc.), know what they do, and restrict it to the amount of information necessary.
User avatar
Urs
u-he
 
22230 posts since 7 Aug, 2002, from Berlin

Postby Urs; Sun May 13, 2018 12:40 am Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Hmmm, I surfed around a bit and found that hardly anyone has prepared anything.

Anyone who sells his stuff to EU customers through his shop needs some kind of privacy policy from May 25th, i.e. a way to inform users what personal data they'll collect, process and store (name, email, day of purchase), what they need it for and on which legal grounds (e.g. fullfil a contract, give support), where they get if from (e.g. ShareIt), how long they'll store it, who they share it with (hopefully no-one).

As for MailChimp, we're biting the bullet and ask our subscribers to rejoin on a fresh list, using MailChimp's GDPR-compliant forms. Next week we'll upload our new privacy policy, set up a new sign-up procedure and we'll send that final newsletter before that date.

As for Google Analytics - we hardly ever used it. We're dropping it from our website next week as well. We'll check our logfile statistics to see if traffic goes up or down.

- U
stratum
KVRAF
 
1852 posts since 29 May, 2012

Postby stratum; Sun May 13, 2018 1:23 am Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Anyone who sells his stuff to EU customers through his shop needs some kind of privacy policy from May 25th, i.e. a way to inform users what personal data they'll collect, process and store (name, email, day of purchase), what they need it for and on which legal grounds (e.g. fullfil a contract, give support), where they get if from (e.g. ShareIt), how long they'll store it, who they share it with (hopefully no-one).


I wonder how this will actually be checked when the seller is outside E.U.
~stratum~
chipnix
KVRist
 
31 posts since 18 Sep, 2011

Postby chipnix; Sun May 13, 2018 2:42 am Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Maybe we could create a privacy policy, for share-it users or similar, as a community project.
This is not legal advice, here a start / a kind of blueprint for free use.

We use XYZ as our distribution platform. XYZ acts here as a reseller of our goods. When you place an order on this website, you will be redirected to server of XYZ.
The general terms and conditions of XYZ can be found on this website. (link)

After the purchase is successfully completed, we receive access to the general order data such as name, title, address, telephone number, order number, sales price.

(What do think is missing?)
User avatar
FabienTDR
KVRian
 
975 posts since 23 Feb, 2012

Postby FabienTDR; Sun May 13, 2018 9:08 am Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

I find most stuff to follow the previous German regulations anyway (beside trivial details).

But I wonder about this, Urs, can you elaborate please?

Urs wrote:Say hi to your local data protection authority and let them know that you've taken all steps necessary to comply with GDPR.
Fabien from Tokyo Dawn Records

Check out my audio processors over at the Tokyo Dawn Labs!
User avatar
Urs
u-he
 
22230 posts since 7 Aug, 2002, from Berlin

Postby Urs; Sun May 13, 2018 11:37 pm Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

FabienTDR wrote:I find most stuff to follow the previous German regulations anyway (beside trivial details).

But I wonder about this, Urs, can you elaborate please?

Urs wrote:Say hi to your local data protection authority and let them know that you've taken all steps necessary to comply with GDPR.

You need to announce the person responsible for privacy to the local data protection authority. I'm not sure if that accounts for all small businesses, but it is certainly necessary as soon as you have at least 1 employee whose pay checks and tax statements you handle.
User avatar
Urs
u-he
 
22230 posts since 7 Aug, 2002, from Berlin

Postby Urs; Sun May 13, 2018 11:40 pm Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Also, because we need a data security officer, we hired an external company to fill in our sheets and take over that role. But that's because we have more than 10 people handling data.
User avatar
FabienTDR
KVRian
 
975 posts since 23 Feb, 2012

Postby FabienTDR; Mon May 14, 2018 6:33 am Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Ah thank you, I understand. Yes, we're smaller and should be able to ignore it.
Fabien from Tokyo Dawn Records

Check out my audio processors over at the Tokyo Dawn Labs!
User avatar
Richard_Synapse
KVRian
 
831 posts since 19 Dec, 2010

Postby Richard_Synapse; Tue May 15, 2018 2:01 am Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Urs wrote:
quikquak wrote:I’m allowed to keep share-it sales info that gets emailed and kept on my studio computer? It’ll be a massive pain if I can’t easily keep tabs on real purchase users. I guess I can just use Share-it’s records which is a little painful to use.

Of course you can keep them. You just need to document this and write that sheet which says who's handling those and what for.

I will probably delete them on a monthly schedule and keep nothing older than a quarter.


This is what we do now too. There is really no reason to keep many records anyway, in particular not support emails and such stuff. Much easier to get rid of everything than having to document and explain why you store such data (probably there is no good reason to begin with).

Richard
Synapse Audio Software - www.synapse-audio.com
User avatar
Cyforce
KVRAF
 
2079 posts since 1 Feb, 2009, from Germany

Postby Cyforce; Tue May 15, 2018 10:02 am Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Even if the new GDPR has good intentions, from the viewpoint of a developer or shop it`s not good. Especially after the EU MOSS VAT (in cases you don`t using external services for the process like Shareit, Cleverbrigde etc).

For the most persons or smaller buisness it will be hard to fix it till 25th may, so many points you have to adjust and think about, from adversiting programms, youtube embedded (soundclould looks right now as not longer use-able as embedded audio player based on the GDPR), SSL, contact forms & coments, internal plugins in your website system... and right now many plugins just getting updates which are maybe essential for your website, for example if you use a website based on wordpress and using a security plugin like WordFence - right now it would violate the GDPR law, so in some ways/points it`s also kinda wait&hope that they will be fixed in time, next to the negative point that you probably have to giveaway many functions or possibilites in your current settings (especially on social network base).
User avatar
Richard_Synapse
KVRian
 
831 posts since 19 Dec, 2010

Postby Richard_Synapse; Tue May 15, 2018 1:00 pm Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Cyforce wrote:Even if the new GDPR has good intentions, from the viewpoint of a developer or shop it`s not good. Especially after the EU MOSS VAT (in cases you don`t using external services for the process like Shareit, Cleverbrigde etc).


If this wasn't bad enough, there's the planned ePrivacy regulations, perhaps worse than both combined. :x

Anyway to stay on-topic, here's a generator for german/english privacy statements:
https://www.wbs-law.de/it-recht/datensc ... generator/

Obviously noone will guarantee its safety, and individual adjustments probably need to be made, but it's a starting point, and it is free of charge.

Richard
Synapse Audio Software - www.synapse-audio.com
stratum
KVRAF
 
1852 posts since 29 May, 2012

Postby stratum; Tue May 15, 2018 3:22 pm Re: General Data Protection Regulation (GDPR) - useful/practical tips for small developers

Meanwhile our government guys are swift in copy paste technology and several companies recently started sending SMS messages regarding their compliance of new privacy laws in addition to their usual spam messages which by law they are not allowed to send either (the trick is to include some content that tells how to unsubscribe in spite of the fact that it's inconvenient to do so considering the fact that hyperlinks are not supported in SMS messages)
~stratum~
Next

Moderator: Moderators (Main)

Return to DSP and Plug-in Development