From e68e45dd9485679d914111273ad93e6b89e8863f Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn <spl1nes.com@googlemail.com>
Date: Thu, 27 Sep 2018 14:25:38 +0200
Subject: [PATCH] Update and rename GDPR to GDPR.md

---
 Legal/GDPR    |  1 -
 Legal/GDPR.md | 16 ++++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
 delete mode 100644 Legal/GDPR
 create mode 100644 Legal/GDPR.md

diff --git a/Legal/GDPR b/Legal/GDPR
deleted file mode 100644
index 3065f6b..0000000
--- a/Legal/GDPR
+++ /dev/null
@@ -1 +0,0 @@
-# GDPR
diff --git a/Legal/GDPR.md b/Legal/GDPR.md
new file mode 100644
index 0000000..bb0ff48
--- /dev/null
+++ b/Legal/GDPR.md
@@ -0,0 +1,16 @@
+# GDPR
+
+* All personal data or data which can be used to identify a person
+* Collection must be for specific use case(s)
+* Needs to be accurate (updated)
+* Data mustn't be stored longer than necessary OR for archiving, or statistical purposes.
+* User must be allowed to request deletion (store datetime for interval analysis)
+* Data must be optional unless absolutely required (e.g. HR data, customer info for invoice etc.). All other data requires approval by holder.
+* Must be at least 16 years old
+* Inform breach after 72 hours
+
+## Processing
+
+* Consent must be given by person (this consent needs to be able to demonstrate). Therefore it must be a activation checkbox and not a deactivation checkbox.
+* Must be necessary for the contract (e.g. writing invoice etc.)
+* User may request what data is stored