The GDPR considers, inter alia, the full name of a person (=legal fiction that 
includes human beings as well as legal constructs) to be "sensitive data".

The GDPR considers, inter alia, transferring website contents as "processing".

The GDPR mandates, inter alia, that "sensitive data" be "processed" in a way 
that "prevents unauthorized access".

So if your Website contains the name of a person, the transfer has to be 
encrypted. Clear enough?


The GDPR also mandates that the express permission and the exhaustive list of 
purposes be documented. Even if you are just collecting business cards of your 
contacts in a physically ordered (aka indexed) fashion (throwing them in a box 
and shaking the contents is exempt, because you have to "full table scan" to 
retrieve one).

You need to write down the types of sensitive data you have.
You need to write down how you intend to safeguard that data.
You need to write down the "applications" you have (e.g. newsletter, 
accounting, sales, ...)

You need to provide documentation of compliance for inspection.
You need to provide, in detail, on request by a person, the sensitive data 
kept about that person.
You need to correct and/or delete, on request, the sensitive data kept about a 
person.

Take the SQLite Fossil repository as an example. It includes who checked in 
what and when. If any of the contributors are located within the EU, this data 
fall under GDPR jurisdiction...

-----Original Message-----
From: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org] On 
Behalf Of Simon Slavin
Sent: Friday, 08 June 2018 08:37
To: SQLite mailing list <sqlite-users@mailinglists.sqlite.org>
Subject: Re: [sqlite] [EXTERNAL] Re: sqlite.org website is now HTTPS-only

On 8 Jun 2018, at 6:55am, Hick Gunter <h...@scigames.at> wrote:

>> Why can't we have both? I mean the software is in the public domain there is 
>> nothing to hide so what's the point of encrypting the site?
>
> I believe it is because of the EU GDPR, which is designed to place a 
> disproportionate burden on small businesses that cannot afford a full time 
> compliancy department

What the heck ?  These things are both wrong, and have nothing to do with 
one-another.

First, the use of HTTPS does not mean that the site is encrypted.  The site is 
the same as it always has been, and is stored on the server unencrypted.

HTTPS means that the reply the server sends to your browser's enquiry is 
encrypted and signed.  The encryption means that nobody can spy on the 
communication (including employees of your ISP and people staking out your WiFi 
basestation) and the signature means that you can be certain that the web page 
you received really came from the server you contacted and not some other 
server (e.g. one hosting adware or malware or a competitor's site).

Second, the GDPR is far more of a pain to big business, which wants to monetise 
every piece of information it can tease out about every visitor -- and can 
afford the huge server farm and processing costs -- than it is to the little 
business with a contact page and a "sales@" email address.  General Motors 
would love to collect details about the times of day you're online, how often 
you check for price reductions, and which other car company's sites you've 
visited.  Bob's Autos doesn't know anything about you except what you put in 
your message to them.  Bob thinks asking strangers intimate questions is creepy.

The GDPR is, at heart, very simple.  It says that if a non-employee wants you 
to know something about them, they will tell you what that thing is and how you 
may use the information.  And that has nothing to do with HTTPS.

Simon.
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


___________________________________________
 Gunter Hick | Software Engineer | Scientific Games International GmbH | 
Klitschgasse 2-4, A-1130 Vienna | FN 157284 a, HG Wien, DVR: 0430013 | (O) +43 
1 80100 - 0

May be privileged. May be confidential. Please delete if not the addressee.