update gdpr

Infominer 2020-01-05 23:54:47 -05:00
parent 30c75070b5
commit b64f36b2e6

@ -1,28 +1,90 @@
---
title: EU General Data Protection Regulation Act
title: The General Data Protection Regulation (GDPR) of the European Union
layout: single
classes: wide
toc: false
permalink: gdpr/
canonical_url: 'https://decentralized-id.com/gdpr/'
redirect_from: gdpr
permalink: regulation/gdpr/
canonical_url: 'https://decentralized-id.com/regulation/gdpr/'
redirect_from:
- gdpr
- gdpr/
categories: ["Literature", "Regulation"]
tags: ["GDPR"]
last_modified_at: 2020-01-05
---
The General Data Protection Regulation (GDPR) is a privacy regulation enacted May 2018, effecting anyone processing the data of EU residents.
[Is Self-Sovereign Identity the ultimate GDPR compliance tool? [**1**]](https://medium.com/evernym/is-self-sovereign-identity-ssi-the-ultimate-gdpr-compliance-tool-9d8110752f89) [[**2**](https://medium.com/evernym/is-self-sovereign-identity-ssi-the-ultimate-gdpr-compliance-tool-40db94c1c437)] [[**3**](https://medium.com/evernym/is-self-sovereign-identity-ssi-the-ultimate-gdpr-compliance-tool-7296a3b07769)]
[GDPR - A reflection on the 'self-sovereign identity' and the Blockchain](https://www.linkedin.com/pulse/gdpr-reflection-self-sovereign-identity-blockchain-nicolas-ameye/)
[Digital Identity Management in the Context of GDPR & Sovrin](https://blog.tykn.tech/digital-identity-management-in-the-context-of-gdpr-sovrin-43028247378b)
EU Blockchain Observatory and Forum Report [Blockchain and Identity](https://www.eublockchainforum.eu/sites/default/files/report_identity_v0.9.4.pdf)
**Section 19: Decentralised identity and the European regulatory landscape**
* IDENTITY AND THE GDPR
> An identity framework will need to work within such GDPR principles as data minimisation, purpose limitation and storage limitation. It will also have to deal with many of the rights that data subjects have under the GDPR, among them the well-known right to erasure (right to be forgotten), right of access and rights related to the automated processing of data. The GDPR also lays down clear responsibilities for data controllers and processors that will certainly need to be taken into account as well.
* EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD
> Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.
## Resources
* [History of the GDPR](https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en)
* [EU GDPR - TOC](http://www.privacy-regulation.eu/en/index.htm) - table of contents, cross-references, emphases, corrections and a dossier function.
* [bakke92/awesome-gdpr](https://github.com/bakke92/awesome-gdpr) - Curated List of GDPR Information
* [erichard/awesome-gdpr](https://github.com/erichard/awesome-gdpr) - A curated list of GDPR-compliant tools for websites creators.
* [Awesome Data Privacy](https://github.com/yilmaztolga/awesome-data-privacy)
### Privacy by Design
Privacy by Design means that privacy should be considered from the very beginning, when designing a product. [Article 25](https://iapp.org/resources/article/the-eu-general-data-protection-regulation/#A25) of the GDPR requires “data protection by design; data controllers must put technical and organisational measures such as pseudonymisation in placeto minimise personal data processing.”
* [GDPR and Privacy by Design, What developers need to know](https://medium.com/@sphereidentity/gdpr-and-privacy-by-design-what-developers-need-to-know-fa5a936da65a)
* [Privacy by Design The 7 Foundational Principles](https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf)
> 1. Proactive not Reactive; Preventative not Remedial
> 2. Privacy as the Default Setting
> 3. Privacy Embedded into Design
> 4. Full Functionality — Positive-Sum, not Zero-Sum
> 5. End-to-End Security — Full Lifecycle Protection
> 6. Visibility and Transparency — Keep it Open
> 7. Respect for User Privacy — Keep it User-Centric
* [Self-Sovereign Privacy By Design](https://github.com/sovrin-foundation/protocol/blob/master/self_sovereign_privacy_by_design_v1.md)s
* [Is Self-Sovereign Identity the ultimate GDPR compliance tool? [**1**]](https://medium.com/evernym/is-self-sovereign-identity-ssi-the-ultimate-gdpr-compliance-tool-9d8110752f89) [[**2**](https://medium.com/evernym/is-self-sovereign-identity-ssi-the-ultimate-gdpr-compliance-tool-40db94c1c437)] [[**3**](https://medium.com/evernym/is-self-sovereign-identity-ssi-the-ultimate-gdpr-compliance-tool-7296a3b07769)]
### Privacy Impact Assesment
[Article 35](http://www.privacy-regulation.eu/en/article-35-data-protection-impact-assessment-GDPR.htm) describes “a process which assists organizations in identifying and minimizing the privacy risks of new projects or policies” called a [Privacy Impact Assessment](https://en.wikipedia.org/wiki/Privacy_Impact_Assessment) (PIA),
* [ISO/IEC 29134:2017 - Guidelines for privacy impact assessment](https://www.iso.org/standard/62289.html)
* [Open Source PIA Software](https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment) - cnil.fr
> The PIA software aims to help data controllers build and demonstrate compliance to the GDPR. The tools is available in French and in English. It facilitates carrying out a data protection impact assessment, which will become mandatory for some processing operations as of 25 May 2018. This tool also intends to ease the use of the PIA guides published by the CNIL.
* [Sample DPIA Template](https://iapp.org/resources/article/sample-dpia-template/)
> This template, published by the U.K. Information Commissioner's Office, offers an example recording the process and outcomes of a DPIA. It is meant as a complement to the ICO's DPIA guidance and the Criteria for an acceptable DPIA set out in European guidelines on DPIAs.
* [Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01)](https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236)
### Blockchain and GDPR
* [EU Blockchain Forum - Blockchain and the GDPR](https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf)
[![](https://i.imgur.com/HADdi6N.jpg)](https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf)
* [Blockchains and Data Protection in the European Union](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3080322)
* [IBM — How blockchain could address five areas associated with GDPR compliance](https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=61014461USEN)
* [GDPR - A reflection on the 'self-sovereign identity' and the Blockchain](https://www.linkedin.com/pulse/gdpr-reflection-self-sovereign-identity-blockchain-nicolas-ameye/)
* [GDPR and Privacy by Design, What developers need to know](https://medium.com/@sphereidentity/gdpr-and-privacy-by-design-what-developers-need-to-know-fa5a936da65a)
* [Privacy by Design The 7 Foundational Principles](https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf)
* [When GDPR Becomes Real, and Blockchain is no longer fairydust](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/gdpr.md)
* [Self-Sovereign Privacy By Design](https://github.com/sovrin-foundation/protocol/blob/master/self_sovereign_privacy_by_design_v1.md)s
### Checklists
* [GDPR Checklist for Websites & Mobile Applications](https://github.com/InspireNL/GDPR-Checklist-for-Websites-and-Apps)
* [GDPR Checklist](https://gdprchecklist.io)
* [GDPR Expert](https://www.gdpr-expert.com) - information on each article, for different countries in the EU.
> - the corresponding provision in the (former) Directive;
> - the corresponding provision in the country you have selected;
> - an analysis of the "Existing position";
> - an analysis of the "Future position";
> - an analysis of "Potential issues";
> - the first and second proposals of EU Regulation;
> - the relevant recital(s).
### Frameworks
* [Top 10 GDPR Frameworks](https://alpin.io/blog/top-10-gdpr-frameworks/)
* [IAB Europe Transparency and Consent Framework (TCF)](https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/Consent%20string%20and%20vendor%20list%20formats%20v1.1%20Final.md) - assisting the digital advertising industry to interpret and comply with data protection and privacy regulation - notably the General Data Protection Regulation (GDPR).
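Review bot: Several typos in the "Privacy by Design" and "Privacy Impact Assesment" sections will render on the published page. The Article 25 quotation reads `in placeto minimise` (missing space), the "Self-Sovereign Privacy By Design" link is followed by a stray `s` both there and under "Blockchain and GDPR", the heading should read "Privacy Impact Assessment", and the Article 35 sentence ends in a comma instead of a full stop. In the intro sentence, "effecting anyone" should be "affecting anyone". The entries "GDPR and Privacy by Design, What developers need to know", "Privacy by Design The 7 Foundational Principles" and "Self-Sovereign Privacy By Design" each appear under both "Privacy by Design" and "Blockchain and GDPR"; suggest keeping each link in one section so the lists do not drift apart on later edits.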