GDPR privacy by design

Post

Posted
Rating:
#3051 (In Topic #552)
supertramp4
Avatar
Standard member
supertramp4 is in the usergroup ‘Well-settled’
Hi.
I have to inplement the new eu gdpr policies and it got me thinking about composr.
Generally i think its in quite good shape with the cookie notices, opt-out and the encryption of the forums through the pem key files.

However what is the situation of encryption of all users profile data like name address email postcode etc.

This would be amazing if it could be implemented and would also need a one time encrypt to lock down existing data.

Any thoughts?
Online now: No Back to the top

Post

Posted
Rating:
#3052
Chris Graham
Avatar
Site director
Chris Graham is in the usergroup ‘Administrators’
Is there a clear set of bulletpoints somewhere that shows what a website needs to do?

I just Googled around a bit and saw a lot of very vague speak from companies selling stuff.

I think probably improvements could be made regarding easy deletion and easy export of user data.

Regarding encryption, I didn't see a lot about that. Would not just running off an encrypted partition serve the purpose?

Encrypting at the DB level is not viable as you can't query it. Plus it would be an enormous amount of work. The encrypted CPFs are being handled as a special case.

Become a fan of Composr on Facebook or add me as a friend. Add me on on Mastodon. Follow me on Minds (where I am most active). Support me on Patreon

Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Online now: No Back to the top

Post

Posted
Rating:
#3053
Chris Graham
Avatar
Site director
Chris Graham is in the usergroup ‘Administrators’
Here's the tracker issue we have:
0000390: Data laws - Composr CMS feature tracker

Become a fan of Composr on Facebook or add me as a friend. Add me on on Mastodon. Follow me on Minds (where I am most active). Support me on Patreon

Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Online now: No Back to the top
1 guest and 0 members have just viewed this.
Back to Top