training: notes from GDPR training
All checks were successful
On_Push / pdfs (push) Successful in 40s

This commit is contained in:
silver 2024-10-22 14:32:57 +01:00
parent 4234f847cb
commit e61078915c
Signed by: silver
GPG key ID: 36F93D61BAD3FD7D

View file

@ -0,0 +1,98 @@
# GDPR training 1
## History
GDPR started (originally) with teh (EU) declaration of rights
More specialised over time
Privacy in written communications
From:
Written coms protected from gov
yo
Digital coms protected from corps
## Personal data
Dead folks dont count for GDPR
userID would count as identifiable information.
Some data is protected, except under certain conditions such as criminal convictions
## Principals
* Must be fairly and lawfully processed
* 6 recognised means you can choose to gather and store data
* Concent trumps all other means
* Contractual and legal obligations are tied
* Obliged to gather
* public interest
Wolves is joint controllers
Committees are also joint controllers
* Rights of data subjects
* Right to be informed
* Right of access
* Human has to be involved
## Enforcement
The office of the Data commissioner got bumped up in funding and manpower
Most of the big corpos are headquartered in Ireland (for a variety of reasons)
fines got bumped, to big number and a % of revenue
More power than revenue commissioners.
DPC are looking at a broad spectrum of organisations
Loosing access to data counts as a breach
* Leak
* Hack
* Accidental deletion
* ransomware
* ....
Technically having former committee with access to teh gcloud could ahve counted.
## Compliance
A creche may need to keep data of a 3 year old till they are 25
7 year timer starts once they turn 18
18+7=25
Main areas of action:
* Data breaches
* ye have 72 hrs to report it
* Find out what happened
* Fix the issue
* Mitigate issue
* If high risk to members then they have to e notified
* Data Access
* One calendar month (28 days?)
## Misc
### Why
We (committees) are controllers of data.
### Questions
#### Skynet bot
Had a good chat, will send email.
#### Old data from before GDPR (home dirs and emails)
Basically as long as ye want.
Best to keep teh data until either they contact ius or we contact them.
Give a clear options on what to do with it.
#### Logging bot on discord
Not a good idea
***Ask for slides***