PC SOFT

PROFESSIONAL FORUMS
WINDEV, WEBDEV and WINDEV Mobile

GDPR compliance and requirements
Started by Steven Sitas, 18 Apr. 2018 17:04 - 7 replies
Posted on 18 April 2018 - 17:04
Hi,
What is everybody doing about GDPR compliance?
Any ideas, tips, etc. would be appreciated.

Regards
Steven Sitas
www.alpha360.biz
Posted on 18 April 2018 - 17:16
Hi, the GDPR refers to physical persons only. All of our customers are companies ... therefore we do nothing.
Posted on 18 April 2018 - 17:21
Hi Guenter,

Yes, but your customers have customers (that may be physical persons).
So it probably has a "side effect" for us and our software also ...

Regards
Steven Sitas
Posted on 18 April 2018 - 18:01
We have changed our software in several points (just by memory). I need to check the GDPR compliance document to see all the things we have planned:
Work with encrypted databases and encrypted database connections (HF, MSSQL, ORACLE) only.
Possibility to delete all information about a person (right to forget)
Possibility to delete all the data older than x years
Possibility to export all information about a person in XML, CSV, etc. (Portability)
Possibility to change all the personal data of one person to default values (Anonymization)
Generate CRUD logs, we already have CUD logs but we are in the process of creating the READ ones as well.
Make all the LOGS unchangeable (one of the new features of V23 that we need) or, at this moment, create one HASH in every log record with its data and the value of the HASH of the previous record to make the validation of consistency possible, and use triggers to prevent update/delete to the logs.

In Portugal we have one more law to comply with if we sell software to the government, I don't know if it's the same in every country, and in this case we are developing several triggers with alarms for things like too many attempts to login with wrong credentials, attempts to access data outside the user privileges, ...
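As an added example (not Paulo's code and not anything from the WINDEV/HFSQL product), here is the hash-chain idea from the post above written out in Python: every log record's SHA-256 covers its own fields plus the hash of the previous record, and a verifier walks the chain and reports the first record where it breaks. The field names, the genesis value and the sample CRUD events are assumptions constructed for the example. It also shows the one case the chain alone does not catch, deleting the newest record, which is why the post pairs the hash with triggers that forbid update/delete.

```python
"""Hash-chained audit log (constructed example).

Each record stores the hash of its own data together with the hash of the
previous record, so an in-place change or the removal of an earlier record
breaks the chain and can be detected by re-walking it."""

import copy
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

# prev_hash stored in the very first record (assumption: 64 zero hex digits).
GENESIS_HASH = "0" * 64


@dataclass
class LogRecord:
    seq: int          # 1-based position in the log
    user: str         # application/database user who performed the operation
    op: str           # C, R, U or D
    table: str        # table touched
    key: str          # primary key of the row touched
    prev_hash: str    # hash of the preceding record (GENESIS_HASH for the first)
    hash: str = ""    # SHA-256 over this record's data plus prev_hash


def compute_hash(seq: int, user: str, op: str, table: str, key: str, prev_hash: str) -> str:
    """Hash the record fields in a canonical (key-sorted, compact JSON) encoding
    so that the same data always yields the same digest."""
    payload = json.dumps(
        {"seq": seq, "user": user, "op": op, "table": table, "key": key, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def append_record(log: List[LogRecord], user: str, op: str, table: str, key: str) -> LogRecord:
    """Append a record whose hash covers its own data and the previous record's hash."""
    prev_hash = log[-1].hash if log else GENESIS_HASH
    seq = len(log) + 1
    rec = LogRecord(seq, user, op, table, key, prev_hash)
    rec.hash = compute_hash(seq, user, op, table, key, prev_hash)
    log.append(rec)
    return rec


def verify_chain(log: List[LogRecord]) -> Optional[int]:
    """Return None if the chain is consistent, otherwise the 1-based position
    of the first record where it breaks (gap, reorder or altered data)."""
    expected_prev = GENESIS_HASH
    for position, rec in enumerate(log, start=1):
        # seq catches a removed or reordered record; prev_hash catches a broken link
        if rec.seq != position or rec.prev_hash != expected_prev:
            return position
        # recomputing the digest catches any change to the record's own fields
        if compute_hash(rec.seq, rec.user, rec.op, rec.table, rec.key, rec.prev_hash) != rec.hash:
            return position
        expected_prev = rec.hash
    return None


def build_sample_log() -> List[LogRecord]:
    """Constructed sample: a few CRUD events against a customer table."""
    log: List[LogRecord] = []
    append_record(log, "alice", "C", "CUSTOMER", "1001")
    append_record(log, "bob", "R", "CUSTOMER", "1001")
    append_record(log, "alice", "U", "CUSTOMER", "1001")
    append_record(log, "carol", "D", "CUSTOMER", "1001")
    return log


def tampered_update(log: List[LogRecord]) -> Optional[int]:
    """Record 2 is rewritten in place: its stored hash no longer matches."""
    bad = copy.deepcopy(log)
    bad[1].user = "mallory"
    return verify_chain(bad)   # -> 2


def tampered_delete_middle(log: List[LogRecord]) -> Optional[int]:
    """Record 3 is deleted: the record now at position 3 carries seq 4."""
    bad = copy.deepcopy(log)
    del bad[2]
    return verify_chain(bad)   # -> 3


def tampered_delete_last(log: List[LogRecord]) -> Optional[int]:
    """Deleting the newest record is NOT caught by the chain alone: the
    remaining prefix is still a valid chain. Storing the head hash outside
    the table, or forbidding deletes with a trigger, closes this gap."""
    bad = copy.deepcopy(log)
    del bad[-1]
    return verify_chain(bad)   # -> None


if __name__ == "__main__":
    sample = build_sample_log()
    print("intact:", verify_chain(sample))
    print("updated record 2:", tampered_update(sample))
    print("deleted record 3:", tampered_delete_middle(sample))
    print("deleted last record:", tampered_delete_last(sample))
```

The same scheme can be implemented inside the database (the hash computed in an insert trigger from the previous row, plus update/delete triggers that raise an error), which is closer to what the post describes; the Python version only shows the chain and its verification.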
Posted on 18 April 2018 - 18:23
Hi Paulo,

thanks for your detailed post.
What bothers me most is if the LOGs (especially Read logs) should be done by the RDBMS (database) or by the applications.
Looks like if you allow any external reporting (like Report writers and ODBC or API access) this must be done at the database level AND then of course,
every application user MUST be mapped to a unique Database user.

Database users cannot be shared between application users in this scenario ...

Not very difficult with HFSQL C/S but impossible with HFSQL Classic and difficult to setup with MS SQL Server etc ...

Regards
Steven Sitas
Posted on 18 April 2018 - 18:32
All our existing logs are made by database triggers. We didn't change anything at this level for the CUD.
For the read logs we are still testing to see how can we achieve a usable solution.
Our main concerns at this moment are performance, the size of the logs and the logic of each app. When we have selections in the code after the access to the DB the triggers are a mess.

If someone has suggestions for the read logs problems they are welcome.
Posted on 18 April 2018 - 23:28
We released a piece of software 2 weeks ago to fulfil the requirements of the GDPR, but it's only available in German at this time:
www.datenschutzverwaltung.de

@Guenther: If you have employees then you are affected by the GDPR. If your customers are companies then you are affected too. You don't speak to the company, you speak with their employees and you will probably have their contact information. Most people don't know they are affected :)
Posted on 19 April 2018 - 10:20
Hi Markus,

I really like your web site and the way you present the GDPR issues.
We started a similar WEB based product a couple of months ago - targeted at small entities and non-profit organizations located in Greece - but not at this price level!!!

The market for this kind of software could be HUGE ...

Good luck with your product

Regards
Steven Sitas
www.alpha360.biz