View Issue Details

ID: 0003592
Project: Composr
Category: core
View Status: public
Last Update: 2019-07-05 21:38
Reporter: Chris Graham
Assigned To: Chris Graham
Severity: feature
Status: resolved
Resolution: fixed
Product Version:
Fixed in Version:
Summary: 0003592: Updated guidance in legals tutorial
Description: For GDPR compliance organisations may need to:
 - Encrypt their filesystem
 - Encrypt their database
 - Encrypt their backups
 - Choose a webhost that is compliant with the 'EU-US privacy shield'
 - Delete old backups on a schedule
 - Use SSL for everything - your own site, and others you connect to

This depends on the nature of personal data held, and the size of the organisation. The law is pretty vague on exactly who needs to do what and how. It is unlikely to apply to basic user accounts and analytics; it was written more to deal with companies such as Facebook who hold large amounts of cross-connected personal data.
Tags: Roadmap: v11, Type: Legal compliance
Time estimation (hours): 1
Sponsorship: open

Activities

Chris Graham

2018-04-27 17:20

administrator   ~0005681

GDPR: “shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”

Issue History

Date Modified Username Field Change
2018-04-27 15:40 Chris Graham New Issue
2018-04-27 16:02 Chris Graham Tag Attached: Type: Legal compliance
2018-04-27 17:20 Chris Graham Note Added: 0005681
2018-04-27 17:24 Chris Graham Sponsorship open 0 =>
2018-04-27 17:24 Chris Graham Description Updated
2018-04-27 17:47 Chris Graham Description Updated
2019-06-27 18:58 Chris Graham Tag Attached: Roadmap: v11
2019-07-05 21:38 Chris Graham Assigned To => Chris Graham
2019-07-05 21:38 Chris Graham Status non-assigned => resolved
2019-07-05 21:38 Chris Graham Resolution open => fixed