Tag Archives: GDPR

IBM Domino and GDPR, what is this?

On the 25th of May this year a new set of rules comes into effect for companies that deal with European citizens. This will give people some basic rights regarding the information related to them.
This will affect all companies in the EU or doing business with the EU, so if you are a US-based company but have customers inside the EU, you are affected by this.

  1. Right to know what is stored
  2. Right to be forgotten
  3. Right to correct wrongful data
  4. Right to portability
  5. Right not to be subject to automated decision making

This will then have some effects on your company and the systems holding the information.

  1. Make sure that you have a data privacy policy
  2. Make sure you know what information you use, for what, and where
  3. Make sure that you process information on a legal ground
  4. Inform and get consent from users if needed
  5. Make sure that information is safe
  6. Make sure that the right people have access to the information
  7. Make sure that you can erase or anonymize information that you no longer have the right to process (yes, this applies to backups too)
  8. Make sure that you can correct wrongful information
  9. Have a routine to investigate and report data breaches
  10. Make a list of all your data processors

How can we handle this in a Domino based system then?

Notes names and the Adminp process are a good start for complying with the right to correction and the right to be forgotten, but you will probably need to adjust your applications.
Full-text search and Domain Search can also help you find data that you need to remove and/or correct.
Enable web server logs to find out what is happening in your web environment, but remember to clean up these logs according to the retention policy that you have decided on, and state in your privacy policy that you log this.

If you need assistance, have questions or need help getting ahead of this, feel free to contact me.
Also follow my Twitter feed for GDPR articles in Swedish and English: GDPR News

I’ve also found a tool that can help you track changes in your Domino environment: GDPR Logger
(Contact me if you find this tool interesting.)

Some more info in this YouTube video by Ytria

 

Why companies should train their employees in IT-Security today

What employees do and do not do on their computers is becoming more and more important. An example: a person comes to the reception desk with a presentation with coffee stains on it and asks for a new copy: "Please, it’s on my USB drive." And the hacker is in your network! If this happened after the 25th of May 2018, your company could be fined because the employee didn’t get enough training. This is only one example. What about passwords: do employees use the same password for your internal network as they use on social media? Can I plug a USB drive into your visitor registration computer? What can guests reach from the guest WiFi network?

These new laws will come into effect next year and will affect all companies that work with European citizens. They demand good knowledge of what personal data your company stores about them and for how long. What do I mean by personal data? Their name, email, phone number, IP address: everything that can be used to identify them.

Knowledge, documentation and education will be required, and you need to start now. This isn’t something to ignore, because it might lead to fines of 4% of total revenue or 20 million euros.

Do you want to know more? Feel free to contact me.

GDPR privacy and security for everybody

Whether or not you have heard of it, GDPR (General Data Protection Regulation) is a European Union law that will be in effect on the 25th of May 2018. This regulation will affect all companies working with citizens of the EU, so many companies will be affected, not only companies with offices within the EU.

So if your company is within the EU or works with EU citizens, this affects your company.

Why should you bother? Well, the board of directors of your company will, because the company can be fined 4% of its total revenue and can be stopped from handling personal information about European citizens. That includes information about customers, partners and suppliers.

Why is this implemented?

We share more and more of our personal information, and companies have forgotten that they have only borrowed this information and can’t do what they want with it.
And with all the data breaches in mind, better knowledge and understanding of security would probably have prevented many of them.

I will continue to monitor this area and write about this.

Feel free to give your comment about GDPR or contact me if you have any other questions.