General Data Protection Regulation (GDPR)

Compliance with GDPR requires a holistic approach to data protection and security. Security software engineers should collaborate with legal and compliance experts to ensure that software systems align with GDPR requirements, as non-compliance can result in significant fines and reputational damage.

Scope of GDPR

GDPR applies to any organization, including software providers, that processes the personal data of individuals within the EU, regardless of where the organization itself is based.

Personal data is defined as any information relating to an identified or identifiable natural person. This includes:

  • Online identifiers
  • IP addresses
  • Cookies

It also includes indirect information: physical, physiological, genetic, mental, economic, cultural, or social characteristics that can be traced back to a single person.

Obligations

GDPR mandates that individuals have the right to access clear and comprehensible information regarding the processing of their data. When organizations collect data from individuals, they are obligated to transparently convey key details, including:

  • The identity and contact information of the requesting entity
  • The purpose and usage of the data
  • The retention period
  • Potential international transfers
  • The individual's rights, such as access, rectification, erasure (the right to be forgotten), withdrawal of consent, and the ability to file complaints


Last updated 1 year ago