GDPR related questions
A few stupid questions Google hasn't been really clear about:
1)
Is using Gmail considered GDPR compliant?
Without having all the emails stored on Gmail decrypted (but using TLS for sending & receiving of course).
2)
Is Cloudflare considered GDPR compliant (when not used just as a DNS)?
Is it OK when used only as DNS (again - I understand it's a lawyer territory, so apologies for the stupid question)?
@Ympker I believe you've had a lot of practical experience on this and from what I've gathered some lawyer feedback on the topic. Since I think this is a lawyer (i.e. not technical & common sense) territory.
3)
Is using a hosting server outside of EU considered GDPR compliant (again - if using TLS plus encrypting any private-related data)?
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Comments
Ignore GDPR.
Inject a message "if you are an EU citizen please disconnect now" in the IP extension fields of the TCP SYN+ACK packet.
If they don't listen, it's their problem.
Accepting submissions for IPv6 less than /64 Hall of Incompetence.
Yes Gmail is GDPR compliant
https://cloud.google.com/privacy/gdpr
https://www.cloudflare.com/en-gb/gdpr/introduction/
It depends... It what they collect on data, what they share and many thing more....
Please GPDR is better than the current American **** have. Even California is switching over to a more strict rules...
https://oag.ca.gov/privacy/ccpa
The only issue is that some rules are stupid mainly accepting those cookie *** message boxes.
https://oag.ca.gov/privacy/ccpa
What're you going to do if California claims jurisdiction over you?
I feel like this GDPR thingy will prevent us from going to the space.
♻ Amitz day is October 21.
♻ Join Nigh sect by adopting my avatar. Let us spread the joys of the end.
Someone accidentally or intentionally visits your house and rings doorbell. You first send them a message: "If you are a visitor from a different country, we will try and comply by your country's rules. our local laws be damned."
We will also delete any records of your visit should you so desire.
That is what a gdpr notice practically is.
By extension, is LES GDPr compliant?
EU and US/California lawmakers can shove GDPR/CCPA up their rear ends. Instead of shoving it down the throats of service providers/ webhosts etc.
blog | exploring visually |
I could go on and on why GDPR, especially the way it's practically enforced, is crap.
But this is a project that must be 100% GDPR compliant, and include a website and a mailing list.
@vyas maybe a forum must allow any member to request having all their posts & data deleted in order to be GDPR compliant. If that is the case - it's a great push towards corporate-owned (the real data gathering) social networks.
Likewise, I wouldn't be amazed if even forums have to designate a person that will be a contact, who provides "a full list of all the data LES has on a member making a query." It's beautiful!
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
two things to do here:
a) check if and how all vendors you use and which potentially handle personal data of your clients and visitors, are GDPR compliant themselves, like Jaap pointed to
usually all bigger vendors will have something about it, if not ... probably better not use it.
b) the project itself needs to fulfill the gdpr requirements, like having a data protection officer and even more so declare everything in a privacy policy statement as well as handle the cookie stuff.
it really comes down to the question of which (personal) data you handle after all. if you have a static website on IPv9 hosted at south pole without any third party tools and no tracking crap and no logging, you're most likely GDPR compliant per sé. easy, right, RIGHT?
I get conflicting feedback from the "GDPR compliance lawyer" - the problem is, for now, most feedback comes through the client.
Anyway - got their answer on Google - practically saying it's an evil monster. OK, we all know that, but I thought my job was to implement what works in compliance with GDPR. With this line of reasoning - I'll just work with whatever the "GDPR expert" says is acceptable - making the best with what's available. Far from the fastest, cheapest, or even safest solution, but it's not my business to tell people what to do - as far as I go is recommended.
Hence, related to this project, this thread is no longer relevant (unfortunately). But I think it's a good idea to share thoughts and experience, for any projects that aren't as lawyer-run (they still exist, no?).
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
yes. that's the way to go. client has to kill it with money eventually.
Processing data =/= hosting data.
GDPR does not allow you to host data outside of the EU.
Not arguing - the questions aren't rhetorical, but intended to confirm & clarify:
Does that make Amazon cloud (unless restricted server locations are used) and Gmail for that matter (if emails with any data/info are saved) not GDPR compliant?
Linkedin, Facebook, YouTube - do they only store EU customer data on EU located servers?
This is for laughs (not a serious question):
Could we sue them?
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
@Ympker know german lawyers LES vs Bezos and Zuckerberg
I believe in good luck. Harder that I work ,luckier i get.
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.