[web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-07-07 Thread Dave S


On Thursday, July 6, 2017 at 2:48:47 PM UTC-7, Pbop wrote:
>
> Making an app ready for GDPR compliance does not have some checklist and 
> is an ongoing commitment to privacy and security by design. Web2Py aligns 
> well with GDPR in many ways out of the box. Here is a fairly comprehensive 
> toolkit to assist in all of the moving pieces for GDPR compliance from a 
> vendor called Nymity. Nymity has found some 55 compliance areas (out of 99) 
> you may have to prove compliance or to demonstrate why compliance does not 
> apply. They have a 45-minute video that gets into just enough detail of all 
> that is involved. Unfortunately, pseudonymization is only a small part of 
> what is a fairly large project for compliance. 
>
> https://www.nymity.com/gdpr-toolkit.aspx
>
> If anyone has a less involved toolkit that can streamline compliance do 
> please share. 
>
>
>
You might want to add this to the web2py resources thread.

/dps

 

> On Thursday, July 6, 2017 at 7:17:40 AM UTC-4, Pierre wrote:
>>
>> for cryptographists and "bunker" amateurs :
>>
>> http://bitwiseshiftleft.github.io/sjcl/
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-07-06 Thread Pbop
Making an app ready for GDPR compliance does not have some checklist and is 
an ongoing commitment to privacy and security by design. Web2Py aligns well 
with GDPR in many ways out of the box. Here is a fairly comprehensive 
toolkit to assist in all of the moving pieces for GDPR compliance from a 
vendor called Nymity. Nymity has found some 55 compliance areas (out of 99) 
you may have to prove compliance or to demonstrate why compliance does not 
apply. They have a 45-minute video that gets into just enough detail of all 
that is involved. Unfortunately, pseudonymization is only a small part of 
what is a fairly large project for compliance. 

https://www.nymity.com/gdpr-toolkit.aspx

If anyone has a less involved toolkit that can streamline compliance do 
please share. 


On Thursday, July 6, 2017 at 7:17:40 AM UTC-4, Pierre wrote:
>
> for cryptographists and "bunker" amateurs :
>
> http://bitwiseshiftleft.github.io/sjcl/
>



[web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-07-06 Thread Pierre
for cryptographists and "bunker" amateurs :

http://bitwiseshiftleft.github.io/sjcl/



Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-07-05 Thread António Ramos
Just found the solution for pseudonymization of personal data as suggested
by GDPR

http://www.web2pyslices.com/slice/show/2012/encrypt-information-into-the-database

Web2py is GDPR ready!

Regards
António






Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-07-04 Thread António Ramos
Something about cookies and GDPR.

https://www.cookielaw.org/blog/2016/5/13/the-gdpr,-cookie-consent-and-customer-centric-privacy/


[web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-02 Thread Carlos Kitu
Hi Antonio,
I don't know the UK regulations about GDPR, but I know the Spanish ones, 
and in this subject both countries apply the European regulation, thus I 
think that they must be quite similar.
The Spanish data protection regulations define three levels of security for 
personal data, related to a degree of sensitivity. Each level requires 
different means of protection.
As far as I remember, at the highest level you are not required to encrypt 
the data stored at the server. You are requested to encrypt the data stored 
in removable media to be transported to another place (i.e. to send data, or 
to keep backup copies off-site); this is related to backup software, not 
the application or databases. Of course you are required to cipher your 
communication with the browser, with https. Another requirement is to track 
every change of the high security level data (previous value, updated 
value, access date, who accessed), but you can do that easily with the 
framework with oncreation functions, for example.

Personal data protection involves formal measures (like getting explicit 
consent to record the information), and technical measures. Another 
difficult issue is the IT service providers (i.e. hosting). If you use a 
hosting service, you need specific contract clauses to address the Personal 
data issue. And you can't put the data anywhere. It must be in a European 
country, or a country with an equivalent regulation level (see this link: 
https://www.theguardian.com/technology/2015/oct/06/safe-harbour-european-court-declare-invalid-data-protection)

With regard to the article:
*In the UK, the Information Commissioner has provided guidance that, in the 
case of data loss where encryption software has not been used to protect 
the data, regulatory action may be pursued.*
I think that they are speaking about losing removable unciphered media. If 
there is a data loss in your premises, there is no risk of disclosing 
personal data, just of losing personal information, which is also punished 
by that regulation.

*The study revealed that 34% of web pages of FT30 firms that collect PII 
are doing so insecurely, 29% are not using encryption, 3.5% are using 
vulnerable encryptions algorithms, and 1.5% have expired security 
certificates.*
This may be related to the communications. If you use https I think that 
you are safe.

I suggest you have a look at the Personal data protection regulations, 
because the newspapers are an incomplete source, at best.

And if you still need to cipher the data at the server, there is a long 
post here about this subject, with this example:

# w2p_encrypt and w2p_decrypt are helper functions that this snippet does
# not define; they must exist in the model before these lines run.
db.define_table('contact',
    Field('user_id', db.auth_user, default=auth.user_id, readable=False,
          writable=False),
    Field('email', label='Contact email'),
    Field('phone', label='Contact phone')
)

# Validators check the plaintext value submitted by the user.
db.contact.email.requires = [IS_EMAIL(error_message="Wrong email address")]
db.contact.phone.requires = [IS_LENGTH(maxsize=30, error_message="Bit too long, right?")]
# filter_in transforms a value before it is written to the database,
# filter_out transforms it after it is read back.
db.contact.email.filter_in = lambda value: w2p_encrypt(value)
db.contact.phone.filter_in = lambda value: w2p_encrypt(value)
db.contact.email.filter_out = lambda value: w2p_decrypt(value)
db.contact.phone.filter_out = lambda value: w2p_decrypt(value)

Good luck and best regards.

On Thursday, June 1, 2017, 12:40:15 (UTC+2), Ramos wrote:
>
> I have 3 apps where I need to address this issue...
>
>
>
> http://www.computerweekly.com/news/450419960/Top-UK-firms-websites-violate-key-GDPR-principle?utm_medium=EM=EM_EDA_77932701_campaign=20170601_Top%20UK%20firms%E2%80%99%20websites%20violate%20key%20GDPR%20principle_source=EDA
>
> Regards
> António
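
The message above asks that every change to high-security data be tracked (previous value, updated value, date, who). The following is an added example, not part of the thread and not web2py code: a minimal audit trail over the `contact` table from the snippet, written against Python's `sqlite3`. The `contact_audit` table, the function names and the sample values are assumptions, and only writes are logged, not reads.

```python
import sqlite3
from datetime import datetime, timezone

# Audited columns. The tuple doubles as an allow-list, so a column name from
# the caller is never interpolated into SQL unchecked.
AUDITED = ("email", "phone")

SCHEMA = """
CREATE TABLE contact (
    id      INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL,
    email   TEXT,
    phone   TEXT CHECK (length(phone) <= 30)  -- mirrors IS_LENGTH(maxsize=30)
);
CREATE TABLE contact_audit (
    id          INTEGER PRIMARY KEY,
    contact_id  INTEGER NOT NULL,
    column_name TEXT NOT NULL,
    old_value   TEXT,              -- NULL when the row was created
    new_value   TEXT,
    changed_at  TEXT NOT NULL,     -- UTC timestamp, ISO 8601
    changed_by  INTEGER NOT NULL   -- id of the authenticated user
);
"""


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def _log(conn, contact_id, column, old, new, actor_id):
    conn.execute(
        "INSERT INTO contact_audit "
        "(contact_id, column_name, old_value, new_value, changed_at, changed_by) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        (contact_id, column, old, new,
         datetime.now(timezone.utc).isoformat(), actor_id),
    )


def add_contact(conn, user_id, email, phone, actor_id):
    """Insert a contact and log its initial values; returns the new id."""
    with conn:  # one transaction: commit on success, roll back on error
        cur = conn.execute(
            "INSERT INTO contact (user_id, email, phone) VALUES (?, ?, ?)",
            (user_id, email, phone),
        )
        contact_id = cur.lastrowid
        for column, value in zip(AUDITED, (email, phone)):
            _log(conn, contact_id, column, None, value, actor_id)
    return contact_id


def update_contact(conn, contact_id, changes, actor_id):
    """Apply `changes` ({column: new value}); returns how many fields changed."""
    unknown = sorted(set(changes) - set(AUDITED))
    if unknown:
        raise ValueError("not an audited column: %s" % ", ".join(unknown))
    written = 0
    with conn:  # data change and audit rows succeed or fail together
        row = conn.execute(
            "SELECT %s FROM contact WHERE id = ?" % ", ".join(AUDITED),
            (contact_id,),
        ).fetchone()
        if row is None:
            raise LookupError("no contact with id %r" % (contact_id,))
        previous = dict(zip(AUDITED, row))
        for column, new in changes.items():
            if previous[column] == new:
                continue  # unchanged values leave no audit noise
            conn.execute(
                "UPDATE contact SET %s = ? WHERE id = ?" % column,
                (new, contact_id),
            )
            _log(conn, contact_id, column, previous[column], new, actor_id)
            written += 1
    return written


def history(conn, contact_id):
    """Audit rows for one contact, oldest first."""
    return conn.execute(
        "SELECT column_name, old_value, new_value, changed_by "
        "FROM contact_audit WHERE contact_id = ? ORDER BY id",
        (contact_id,),
    ).fetchall()


if __name__ == "__main__":
    db = open_db()
    # Constructed sample data.
    cid = add_contact(db, user_id=7, email="ana@example.org",
                      phone="555-0100", actor_id=7)
    update_contact(db, cid, {"email": "ana@example.net"}, actor_id=42)
    for entry in history(db, cid):
        print(entry)
```

The audit table holds old and new values of personal data, so it needs the same access control and retention handling as `contact` itself.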


Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-02 Thread Dave S


On Friday, June 2, 2017 at 6:48:18 AM UTC-7, Ramos wrote:
>
> Don't know where to start but meanwhile I share this post
>
>
> http://www.computerweekly.com/news/450419960/Top-UK-firms-websites-violate-key-GDPR-principle?utm_medium=EM=EM_EDA_77932701_campaign=20170601_Top%20UK%20firms%E2%80%99%20websites%20violate%20key%20GDPR%20principle_source=EDA
>
>
Yes, you started the thread with that link.  It doesn't provide much 
information, other than saying firms in the UK are doing automated data 
collection and not encrypting the data they have.

Are there any firms in your area offering training in GDPR?  

(I recently attended the ISSA_LA Summit and I know that some of the firms 
represented in the vendor fair do security-oriented training; Wombat 
Security Technologies is one of them, but one of their focus points is 
phishing-awareness, which isn't specifically a GDPR issue.)

(Massimo:  because you spoke at OWASP-OC a couple years ago, I've been 
attending their meetings, and won my Summit ticket as a door prize a couple 
of months ago.  And I've heard a bunch of interesting speakers, although 
I'm not going to be a pen tester.)

(The rest of you: check if there's an OWASP or ISSA chapter near you!)

/dps



2017-06-02 12:48 GMT+01:00 Anthony :
>
>> On Friday, June 2, 2017 at 7:01:53 AM UTC-4, Ramos wrote:
>>>
>>> i think it will affect all of us and our apps...
>>>
>>
>> Right, but it's still not clear what functionality should be added to 
>> web2py specifically. Most of those issues probably have to be handled at 
>> the application level or the server level, not necessarily by the 
>> framework. But perhaps there are some things the framework can do to help. 
>> Do you have a link with any detailed specifications? Anything in particular 
>> you think the framework can offer to make things easier?
>>
>> Anthony
>>


Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-02 Thread Dave S


On Friday, June 2, 2017 at 4:01:53 AM UTC-7, Ramos wrote:
>
> I think it will affect all of us and our apps...
> [image: Inline image 1]
>

Those all seem like something that could be handled by boilerplate links or 
check boxes in the footer of your pages:
"Click here to contact us about problems" "Click here to allow us to speed 
your next order by saving your details" and "Click here to allow us to 
provide information customized to your preferences".

/dps


 

> And more... Any company that does not adapt their apps to comply will 
> incur a heavy fine...
>
> https://www.itgovernance.co.uk/dpa-penalties
>
>
> http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
>
>
> https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf
>
>
> Regards
>
> 2017-06-02 3:44 GMT+01:00 Anthony :
>
>> On Thursday, June 1, 2017 at 1:06:20 PM UTC-4, Ramos wrote:
>>>
>>> One of the requisites is encryption on all user specific data
>>>
>>
>> Do you have a link to any detailed specifications? Is encrypting the 
>> server storage adequate? I suspect these are not necessarily going to be in 
>> scope for a web framework.
>>
>> Anthony
>>


Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-02 Thread António Ramos
Don't know where to start but meanwhile I share this post

http://www.computerweekly.com/news/450419960/Top-UK-firms-websites-violate-key-GDPR-principle?utm_medium=EM=EM_EDA_77932701_campaign=20170601_Top%20UK%20firms%E2%80%99%20websites%20violate%20key%20GDPR%20principle_source=EDA

2017-06-02 12:48 GMT+01:00 Anthony :

> On Friday, June 2, 2017 at 7:01:53 AM UTC-4, Ramos wrote:
>>
>> I think it will affect all of us and our apps...
>>
>
> Right, but it's still not clear what functionality should be added to
> web2py specifically. Most of those issues probably have to be handled at
> the application level or the server level, not necessarily by the
> framework. But perhaps there are some things the framework can do to help.
> Do you have a link with any detailed specifications? Anything in particular
> you think the framework can offer to make things easier?
>
> Anthony
>


Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-02 Thread Anthony
On Friday, June 2, 2017 at 7:01:53 AM UTC-4, Ramos wrote:
>
> I think it will affect all of us and our apps...
>

Right, but it's still not clear what functionality should be added to 
web2py specifically. Most of those issues probably have to be handled at 
the application level or the server level, not necessarily by the 
framework. But perhaps there are some things the framework can do to help. 
Do you have a link with any detailed specifications? Anything in particular 
you think the framework can offer to make things easier?

Anthony



Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-02 Thread António Ramos
I think it will affect all of us and our apps...
[image: Inline image 1]
And more... Any company that does not adapt their apps to comply will incur
a heavy fine...

https://www.itgovernance.co.uk/dpa-penalties

http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf

https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf


Regards

2017-06-02 3:44 GMT+01:00 Anthony :

> On Thursday, June 1, 2017 at 1:06:20 PM UTC-4, Ramos wrote:
>>
>> One of the requisites is encryption on all user specific data
>>
>
> Do you have a link to any detailed specifications? Is encrypting the
> server storage adequate? I suspect these are not necessarily going to be in
> scope for a web framework.
>
> Anthony
>


Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-01 Thread Anthony
On Thursday, June 1, 2017 at 1:06:20 PM UTC-4, Ramos wrote:
>
> One of the requisites is encryption on all user specific data
>

Do you have a link to any detailed specifications? Is encrypting the server 
storage adequate? I suspect these are not necessarily going to be in scope 
for a web framework.

Anthony



Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-01 Thread Dave S


On Thursday, June 1, 2017 at 10:06:20 AM UTC-7, Ramos wrote:
>
> One of the requisites is encryption on all user specific data
>

Isn't that better handled by the database engine?

/dps
 

>
> 2017-06-01 18:01 GMT+01:00 Anthony :
>
>> What specific functionality do you think web2py could offer at the 
>> framework level?
>>
>>
>> On Thursday, June 1, 2017 at 6:40:15 AM UTC-4, Ramos wrote:
>>>
>>> I have 3 apps where I need to address this issue...
>>>
>>>
>>>
>>> http://www.computerweekly.com/news/450419960/Top-UK-firms-websites-violate-key-GDPR-principle?utm_medium=EM=EM_EDA_77932701_campaign=20170601_Top%20UK%20firms%E2%80%99%20websites%20violate%20key%20GDPR%20principle_source=EDA
>>>
>>> Regards
>>> António
>>>


Re: [web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-01 Thread António Ramos
One of the requisites is encryption on all user specific data

2017-06-01 18:01 GMT+01:00 Anthony :

> What specific functionality do you think web2py could offer at the
> framework level?
>
>
> On Thursday, June 1, 2017 at 6:40:15 AM UTC-4, Ramos wrote:
>>
>> I have 3 apps where I need to address this issue...
>>
>>
>> http://www.computerweekly.com/news/450419960/Top-UK-firms-websites-violate-key-GDPR-principle?utm_medium=EM=EM_EDA_77932701_campaign=20170601_Top%20UK%20firms%E2%80%99%20websites%20violate%20key%20GDPR%20principle_source=EDA
>>
>> Regards
>> António


[web2py] Re: Any ideas on how to prepare web2py apps for GDPR

2017-06-01 Thread Anthony
What specific functionality do you think web2py could offer at the 
framework level?

On Thursday, June 1, 2017 at 6:40:15 AM UTC-4, Ramos wrote:
>
> I have 3 apps where I need to address this issue...
>
>
>
> http://www.computerweekly.com/news/450419960/Top-UK-firms-websites-violate-key-GDPR-principle?utm_medium=EM=EM_EDA_77932701_campaign=20170601_Top%20UK%20firms%E2%80%99%20websites%20violate%20key%20GDPR%20principle_source=EDA
>
> Regards
> António