Update and rename GDPR to GDPR.md

2026-01-24 18:18:42 +00:00 · 2018-09-27 14:25:38 +02:00 · 2018-09-27 14:25:38 +02:00 · e68e45dd94
commit e68e45dd94
parent 4f9ea9708d
2 changed files with 16 additions and 1 deletions
--- a/Legal/GDPR
+++ b/Legal/GDPR
@ -1 +0,0 @@
-# GDPR
--- a/Legal/GDPR.md
+++ b/Legal/GDPR.md
@ -0,0 +1,16 @@
+# GDPR
+
+* All personal data or data which can be used to identify a person
+* Collection must be for specific use case(s)
+* Needs to be accurate (updated)
+* Data mustn't be stored longer than necessary OR for archiving, or statistical purposes.
+* User must be allowed to request deletion (store datetime for interval analysis)
+* Data must be optional unless absolutely required (e.g. HR data, customer info for invoice etc.). All other data requires approval by holder.
+* Must be at least 16 years old
+* Inform breach after 72 hours
+
+## Processing
+
+* Consent must be given by person (this consent needs to be able to demonstrate). Therefore it must be a activation checkbox and not a deactivation checkbox.
+* Must be necessary for the contract (e.g. writing invoice etc.)
+* User may request what data is stored