_CORE
Services
AI & Agentic Systems Core Information Systems Cloud & Platform Engineering Data Platform & Integration Security & Compliance QA, Testing & Observability IoT, Automation & Robotics Mobile & Digital
Industries
Banking & Finance Insurance Public Administration Defense & Security Healthcare Energy & Utilities Telco & Media Manufacturing Logistics & E-commerce Retail & Loyalty
References Technologies
Lab
Blog Know-how Tools
About Collaboration Careers
Language
CS EN
Let's talk

GDPR technická implementace

10. 06. 2024 1 min read intermediate

GDPR není jen právní dokument. Vyžaduje konkrétní technická opatření — šifrování, pseudonymizaci, data portability, right to erasure.

Key Requirements

  • Šifrování osobních údajů (at rest + in transit)
  • Pseudonymizace kde možné
  • Data minimization — sbírejte jen nutné
  • Right to erasure — smazání na žádost
  • Data portability — export v strojovém formátu
  • Breach notification — 72 hodin

Implementation

Pseudonymizace

import hashlib def pseudonymize(email): return hashlib.sha256(email.encode() + SALT).hexdigest()

Right to erasure

async def delete_user_data(user_id): await db.users.delete(user_id) await db.orders.anonymize(user_id) # Anonymizace, ne smazání await db.logs.redact(user_id) await search_index.delete(user_id) await backups.mark_for_deletion(user_id)

Data export (portability)

async def export_user_data(user_id): data = { “profile”: await db.users.get(user_id), “orders”: await db.orders.list(user_id), “preferences”: await db.prefs.get(user_id), } return json.dumps(data, indent=2)

Key Takeaway

Šifrujte, pseudonymizujte, minimalizujte data. Implementujte erasure a export API. Breach notification do 72 hodin.

securitygdprprivacycompliance
Share:

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Další know-how

GDPR — Technical Preparation That Can't Be Postponed

May 25, 2018 marks the start of GDPR enforcement. What it means for technical teams and what architectural changes...

GDPR Day D — What We Accomplished and What We Didn't

May 25, 2018 is here. A recap of our technical GDPR preparation, what works and what we didn't finish.

GDPR — Technical Measures for IT Systems

Practical guide to technical measures for GDPR compliance. Encryption, pseudonymization, audit logs and right to...