GDPR compliance for internal facing applications

Disclaimer: I hope this fits the scope of this sub, if not please let me know where to post it instead.

So today our Privacy & Security team reached out and asked my team to implement the whole list of GDPR conformity measures: DPIA Assessment, data encryption, interfaces to request deletion of private data, etc.

It's true that we store business email addresses and usernames, which obviously is private data. However, our application is not exposed to the public. You can only connect to the db if you are behind the company's VPN. The front-end exposes a last_edit_by field for each record handled by our application.

Are they right in their interpretation of GDPR requirements? For me, that seems to be overkill considering it's internal use only. I'd suppose you could come up with a business justification to know who did what. Assuming they are right, would it make a difference if we stop storing email addresses and usernames and only store nicknames or userIDs instead?

submitted by /u/turtur
[link] [comments]

from Software Development – methodologies, techniques, and tools. Covering Agile, RUP, Waterfall + more! https://ift.tt/2IuX1zD
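The last question in the post, whether storing an opaque user ID instead of the email address or username changes anything, is the pseudonymisation pattern. The following is an added illustration of that pattern and is not code from the poster or their application: it assumes a hypothetical `records` table with the `last_edit_by` column the post mentions, a separate `user_map` table holding the identity mapping, and SQLite in-memory storage so it runs offline. It shows that the audit trail ("who did what") survives in the records while a deletion request can be honoured by removing only the mapping row, and that the direct identifiers never land in the records table.

```python
import secrets
import sqlite3


def build_db():
    """Create the two-table layout: identity mapping kept apart from the records.

    Hypothetical schema for illustration; the poster's real schema is not known.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_map (user_id TEXT PRIMARY KEY,"
        " email TEXT NOT NULL UNIQUE, username TEXT NOT NULL)"
    )
    conn.execute(
        "CREATE TABLE records (record_id INTEGER PRIMARY KEY,"
        " payload TEXT, last_edit_by TEXT NOT NULL)"
    )
    return conn


def pseudonymous_id(conn, email, username):
    """Return the surrogate ID for a person, minting a random one on first sight."""
    row = conn.execute(
        "SELECT user_id FROM user_map WHERE email = ?", (email,)
    ).fetchone()
    if row:
        return row[0]
    # Random token: nothing about the person can be derived from the ID itself.
    uid = "u_" + secrets.token_hex(8)
    conn.execute("INSERT INTO user_map VALUES (?, ?, ?)", (uid, email, username))
    return uid


def record_edit(conn, record_id, payload, email, username):
    """Store an edit; only the opaque ID reaches the records table."""
    uid = pseudonymous_id(conn, email, username)
    conn.execute(
        "INSERT OR REPLACE INTO records VALUES (?, ?, ?)", (record_id, payload, uid)
    )
    return uid


def resolve_editor(conn, record_id):
    """Resolve last_edit_by to a username for an authorised viewer.

    Returns None when the mapping has been erased (or the record is missing),
    so the front-end can show 'unknown' instead of failing.
    """
    row = conn.execute(
        "SELECT m.username FROM records r"
        " LEFT JOIN user_map m ON r.last_edit_by = m.user_id"
        " WHERE r.record_id = ?",
        (record_id,),
    ).fetchone()
    return row[0] if row else None


def erase_person(conn, email):
    """Handle a deletion request by dropping the identity mapping only.

    The records keep their opaque last_edit_by value, so the audit trail
    still shows that *someone* edited them without naming the person.
    """
    cur = conn.execute("DELETE FROM user_map WHERE email = ?", (email,))
    return cur.rowcount


def direct_identifiers_in_records(conn, email, username):
    """Sanity check: count records whose editor column holds a raw identifier."""
    return conn.execute(
        "SELECT COUNT(*) FROM records WHERE last_edit_by IN (?, ?)",
        (email, username),
    ).fetchone()[0]


def demo():
    """Run the lifecycle on constructed sample data and return the observations."""
    conn = build_db()
    # Constructed sample person; not a real address.
    uid1 = record_edit(conn, 1, "invoice approved", "alice@example.com", "alice")
    uid2 = record_edit(conn, 2, "invoice rejected", "alice@example.com", "alice")
    before = resolve_editor(conn, 1)
    leaks = direct_identifiers_in_records(conn, "alice@example.com", "alice")
    erased = erase_person(conn, "alice@example.com")
    after = resolve_editor(conn, 1)
    remaining = conn.execute("SELECT COUNT(*) FROM records").fetchone()[0]
    return {
        "same_uid": uid1 == uid2,
        "before": before,
        "leaks": leaks,
        "erased": erased,
        "after": after,
        "remaining_records": remaining,
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that the mapping table is the only place holding the identifiers, so access control, encryption and erasure all concentrate on one small table rather than on every record. One caveat a practitioner would want: while the mapping exists the records remain personal data, because the opaque ID can still be linked back to a person, so this narrows exposure and makes deletion requests tractable rather than removing the obligation.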
