GDPR - privacy policy - suggestions ideas ? encrypting DB

ACDC

With all the new privacy laws coming into place, it's inevitable that developers are going to be confronted and forced to build the new privacy requirements into the design of their apps

For example, if you have a customer in Europe and you are storing protected defined data, you better be sure that you have an audit trail object recording changes to this data as its being processed and furthermore make sure the audit trail data is stored in an uneditable format ensuring system DBA's and system admin cannot change or tinker with the records.

I wonder how many apps have to be rewritten or modified to accommodate all these new requirements.

If you have any comments and suggestions/ ideas on how one could make an app bullet proof within the scope of the new GDPR rules please let's hear about it

One specific question I have for anyone in the know, is encrypting certain attributes in the MySql DB (AIM provides an option to encrypt certain attributes albeit the weaker DES encryption)
From what I understand, as long as you are forcing users to connect via an ssl link and ensure database logs are switched off you can be sure those attributes are secured from someone getting access to the DB server, DBA's, system Admins and backup copies residing on other machines - or not?

I would be keen to hear any viewpoints on attribute encryption and whether it makes sense to do so

Thanks in advance

phaider

Hi there,

this is a suggestion more or less for the developers of AwareIM. Since 25 years I am working with Dynamics NAV and today GDPR is a hot topic. Not always i the friend of them, but this approach is a really good solution.

Microsoft has updated their table Meta Modell within the Dynamics NAV database with a new Option Value field called "DataClassification"; Options of this field are Customer Content, EndUserIdenfiableInformation, EnduserPseudonymousIdentifiers, OrganizationIdentifiableInformation, Systemmetadata. This attribute is available at table and field level. Data handling management works similar to AwareIM with a meta modell as layer between the application and the sql server database.

Furthermore, the Enduser has a Data Entry Page (similar to a Excel Worksheet) within the application, where a job scanes - based on the MetaProperties - all tables and fields with the Dataclassification option Customer Content, EndUserIdenfiableInformation, EnduserPseudonymousIdentifiers and copies (as Column) Tablename, Fieldname and Fieldtype into this worksheet. Now the Enduser applies to the forth column ("Data Sensivity") the classification level of this field (possible Options are: Sensitive, Personal, Company Confidential and Normal) per each field

Due the reason, that all your AwareIM applications are tailor made, the additional attributes of the meta model are not mandatory. Only the data classification worksheet for the EndUser is necessary.

In Dynamics NAV standard application, there are following possible Data Subject Tables within the system

Customer
Vendor
Contact
Salesperson
Employee
Resource
Systemuser
maybe more, depending of the AddOns and customizations.

At least, there is a jobs, where this data is exported (logged with a changelog) as Excel spreadsheet. Additionally, the Data subject tables has an additional Field called Blocked through Privacy, where the Enduser has the possibility, to block a data subject, because of privacy reasons.

Microsoft reports, that they delivers tools only, but the data protection commissioner within the organization is fully responsible for GDPR. So he/she is fully responsible, that the Data Sensitivy table is up2date, and data handling (Create/Read/Update/Delete) is recorded within log files, so that access to data subjects is traceable.

Finally, data encryption should be done by the db, not within AwareIM. its more fatsser and secure. You can access the db outside your application, so it makes no sense to protect in AwareIM only.

Best regards
Peter

BTW: Within our organization (160 companies in 35 countries) i am responsible for Data Protection within Dynamics NAV

phaider

Addendum
Regarding Deletion of Data:
In some reasone, Data subjects requests to delet their data.
As we know, A data model is a complex thing, and its not so easy to delete any particular data.
On the other side, there are some strict regulation, how long to store data for example: for fiscal purposes.
If no storage is necessary: my recommandation is to encrypt or erase this field data (except the primary key).
Best regards
Peter

ACDC

Hi Peter
thanks for this information
BTW

Finally, data encryption should be done by the db, not within AwareIM. its more faster and secure. You can access the db outside your application, so it makes no sense to protect in AwareIM only.

If you are using MySQL, the encryption IS being done in the DB, AwareIM uses the MySql DES encrypt function. This is easily implemented by clicking on the encryption button on each attribute in the configurator and setting the MySql key,

As far as exposing details within the application, I suppose READ PROTECT would work to a certain extent (driven by some condition) but this hides the attribute from the form. What we need is a READ PROTECT option that shows the attribute but with the details blocked similar to the way its done in the password detail block.

weblike

phaider wrote
Addendum
Regarding Deletion of Data:
In some reasone, Data subjects requests to delet their data.
As we know, A data model is a complex thing, and its not so easy to delete any particular data.
On the other side, there are some strict regulation, how long to store data for example: for fiscal purposes.
If no storage is necessary: my recommandation is to encrypt or erase this field data (except the primary key).
Best regards
Peter

Yes GDPR says that the user should have the right to delete his data, but I have seen lot of platforms which impersonate data, which is good : for example "James Peterson"=> becomes => "undefined user".