Peejay

General Data Protection Regulation (GDPR)


1 minute ago, ceberlin said:

When looking at PW, what concerns me most are unencrypted database backups via the module ProcessDatabaseBackups.

Yes. No. Maybe.

The bigger problem may be the user that creates that backup and has access to it.
Anyone handling those backups at that point has to be trustworthy.

A ProcessDatabaseBackupsEncrypted module could be a nice addition nonetheless.

5 hours ago, ceberlin said:

When looking at PW, what concerns me most are unencrypted database backups via the module ProcessDatabaseBackups.

Why?

  • Like 3


I'd rather have db backups stored outside the webroot than having them encrypted. By default they're protected by the .htaccess file, but screwing up that file is easy and common. But if that's working (or files are outside the webroot) only people with access to the webserver can see/use the backup files and are highly likely to also have access to the config.php and therefore the db credentials as well. In that case encryption won't give you anything anymore.

  • Like 4
  • Thanks 1
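
An added example, not part of the original post and not ProcessWire code: a small audit of the placement argument made above. The function name `audit_backup_dir`, the `*.sql` extension and POSIX file permissions are assumptions; both paths are supplied by the caller.

```python
import os
import stat
import sys
from pathlib import Path

def audit_backup_dir(webroot, backup_dir):
    """Return findings about where SQL backups live relative to the webroot."""
    root = Path(webroot).resolve()
    backups = Path(backup_dir).resolve()  # real location, symlinks followed
    findings = []

    # 1. Backups under the webroot depend entirely on .htaccess being intact.
    if backups == root or root in backups.parents:
        findings.append("inside-webroot")

    # 2. A directory outside the webroot is still served if a symlink inside
    #    the webroot points at it (or at one of its parents).
    for cur, dirs, files in os.walk(root):
        for name in sorted(dirs + files):
            link = Path(cur, name)
            if link.is_symlink():
                target = link.resolve()
                if target == backups or target in backups.parents:
                    findings.append(f"symlinked-from-webroot:{link.relative_to(root)}")

    # 3. Dumps readable by group/other are open to other local accounts,
    #    not only to the one that can also read config.php.
    for dump in sorted(backups.glob("*.sql")):
        if dump.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"readable-by-others:{dump.name}")
    return findings

if __name__ == "__main__":
    # Usage: python audit_backups.py <webroot> <backup_dir>
    for finding in audit_backup_dir(sys.argv[1], sys.argv[2]):
        print(finding)
```

An empty result means the dumps sit outside the webroot, are not linked into it, and are readable only by their owner.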


Backups can live their own life. I tend to download them from time to time (some customers do also). Since they can contain sensitive data, it is just another level of protection to have them encrypted. (I know, WordPress modules can be much worse in offering to *mailing* sql backups. Anything can happen there.)


https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment

"The tool now has 14 languages (French, English, Italian, German, Polish, Hungarian, Finnish, Norwegian, Spanish, Czech, Dutch, Portuguese, Romanian and Greek), six of which have been revised by the Bavarian, Italian, Finnish, Hungarian, Polish and Norwegian Data Protection Authorities."

Edit: 
https://github.com/LINCnil
Some repositories are cookie-related.

https://github.com/AmauriC/tarteaucitron.js
"Comply to the European cookie law"...

Edited by Christophe
