GDPR - General Data Protection Regulation

GDPR - General Data Protection Regulation

Postby driessen » Fri Jul 07, 2017 12:21 pm

Hello,

I start this topic to know the opinion of the FWH users about GDPR.
Starting May 25th, 2018 this new European regulation will be a fact for everyone who is storing personal data of people.

What is the effect of GDPR on the software application we provide to our customers?

I hope to read all your reactions.

Have a nice weekend.
Regards,

Michel D.
Genk (Belgium)
_____________________________________________________________________________________________
I use : FiveWin for (x)Harbour v. 24.02 - Harbour 3.2.0 (February 2024) - xHarbour Builder (January 2020) - Bcc77
User avatar
driessen
 
Posts: 1380
Joined: Mon Oct 10, 2005 11:26 am
Location: Genk, Belgium

Re: GDPR - General Data Protection Regulation

Postby James Bott » Fri Jul 07, 2017 10:44 pm

Michel,

Thanks for bringing this up. This is the first I have heard of it.

I did a Internet search and found a video introduction on this on youtube.

https://www.youtube.com/watch?v=GlAM1Ysy_rs

Note that this was produced by ESet a computer security company. [I am in no way affiliated with them]. There is only a brief message of how they can help, the rest is generic information. I thought it was a good intro.

ESets approach is to encrypt everything from your disk to your emails through a central server. Sounds like a simple solution but also sounds very expensive, especially for smaller companies. To be fair, however, I didn't lookup their pricing. But I did note that it seems if you use their system, then you don't have to do anything to your programs or data files since they just encrypt everything.

I remember back in 1996, I started one of the first online stores. At that time nobody was encrypting purchase information, not even credit card data. I spent months finding a way to do encryption online because nobody knew how to do it.

My how times have changed.

Regards,
James
FWH 18.05/xHarbour 1.2.3/BCC7/Windows 10
User avatar
James Bott
 
Posts: 4840
Joined: Fri Nov 18, 2005 4:52 pm
Location: San Diego, California, USA

Re: GDPR - General Data Protection Regulation

Postby Otto » Sun Jul 09, 2017 6:28 am

Hello,

Prepare for the worst – IT security issues continue to plague companies of all sizes. From being an area where companies could prepare well and prevent issues, the sheer complexity of IT today means that many companies are focusing on when they get hacked, not if.



It seems to me that we have to encrypt personal data when storing on disk.

How can this be done best in DBF.
Are indexes working with encrypted data.

Thanks in advance
Otto
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
 
Posts: 5994
Joined: Fri Oct 07, 2005 7:07 pm

Re: GDPR - General Data Protection Regulation

Postby Enrico Maria Giordano » Sun Jul 09, 2017 7:20 am

This is a way:

Code: Select all  Expand view
DBINFO( DBI_PASSWORD, cPsw )


EMG
User avatar
Enrico Maria Giordano
 
Posts: 8243
Joined: Thu Oct 06, 2005 8:17 pm
Location: Roma - Italia

Re: GDPR - General Data Protection Regulation

Postby driessen » Sun Jul 09, 2017 9:44 am

I'm afraid that encrypting data won't be enough.
Just google the GDPR regulation and you'll see that it is a lot more than that.
You need to keep a logbook where you need write down how you get the data, how you process the data and how you store the data.
It is not that simple.
I'll have a seminar probably in September.
I'll keep you all informed.
Regards,

Michel D.
Genk (Belgium)
_____________________________________________________________________________________________
I use : FiveWin for (x)Harbour v. 24.02 - Harbour 3.2.0 (February 2024) - xHarbour Builder (January 2020) - Bcc77
User avatar
driessen
 
Posts: 1380
Joined: Mon Oct 10, 2005 11:26 am
Location: Genk, Belgium

Re: GDPR - General Data Protection Regulation

Postby Otto » Sun Jul 09, 2017 10:12 am

Hello Michel,

the use of a customer class how James is suggesting will reduce work a lot.

In my case this means not much effort
Code: Select all  Expand view

method _save

example what I have at the moment:

    oKontakt := TData():New(,Setup():Daten + "datagast\kontakte")
        oKontakt:use()
    oKontakt:append()

    oKontakt:KDNR  := VAL(cKdNr)
    if ::lAdd = .t.
        oKontakt:Text  := "neue Adresse"
    else
        oKontakt:Text  := "Änderung"
    endif
    
    oKontakt:datum := date()
    oKontakt:zeit  := val(substr(time(),1,2) + substr(time(),4,2) )/100
    //oKontakt:user_time :=
    oKontakt:save()
    oKontakt:end()

       ::super():save()

 


I am concerned if encryption/decryption is working fine.
Then we need a WDBU – for support work – which is able to read encrypted files.


Next
What about OUTLOOK. How are the emails effected.

Best regards,
Otto
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
 
Posts: 5994
Joined: Fri Oct 07, 2005 7:07 pm

Re: GDPR - General Data Protection Regulation

Postby James Bott » Sun Jul 09, 2017 4:14 pm

Let me clarify, if you use a system like Eset's, then the entire disk is encrypted and they handle email too. And I'm sure there will be others like theirs.

Otherwise, I think (x)Harbour is going to need to include the code for encryption. It has to be high level encryption, and we can't all find our own solutions. It needs to be built-in.

For Outlook and other email systems, the company that produces them will be responsible.

I think all we can do for now is to get educated and pressure the (x)Harbour authors to provide it. Or, contribute if you have the skills.

James
FWH 18.05/xHarbour 1.2.3/BCC7/Windows 10
User avatar
James Bott
 
Posts: 4840
Joined: Fri Nov 18, 2005 4:52 pm
Location: San Diego, California, USA

Re: GDPR - General Data Protection Regulation

Postby Otto » Thu Jul 13, 2017 8:59 pm

Hello,
I would like to inform you about a new xing Group dealing with this subject.
Best regards,
Otto

Dr. Markus Knasmüller hat Ihren Gruppenbeitrag kommentiert: "O.T.: GDPR - General Data Protection Regulation"

"Meine Vorredner haben ja schon einiges dazu gesagt, aber egal wie es ist viel zu tun, und es wird eine noch größere Herausforderung als die RKSV traue ich mir sagen. Wir haben mal eine XING-Gruppe gegründet: https://www.xing.com/communities/groups ... df-1098433, vielleicht wird diese ja ein ähnlicher Erfolg wie diese Gruppe. BTW das Gesetz ist schon beschlossen, wenn tatsächlich wohl auch etwas unglücklich."

https://www.xing.com/via/communities/po ... t=35316874
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
 
Posts: 5994
Joined: Fri Oct 07, 2005 7:07 pm

Re: GDPR - General Data Protection Regulation

Postby hmpaquito » Wed Dec 27, 2017 5:58 pm

Enrico,

Enrico Maria Giordano wrote:This is a way:

Code: Select all  Expand view
DBINFO( DBI_PASSWORD, cPsw )


EMG



How to ? Harbour or xHarbour ?

With memo fields too ?
hmpaquito
 
Posts: 1482
Joined: Thu Oct 30, 2008 2:37 pm

Re: GDPR - General Data Protection Regulation

Postby Enrico Maria Giordano » Wed Dec 27, 2017 6:35 pm

hmpaquito wrote:Enrico,

Enrico Maria Giordano wrote:This is a way:

Code: Select all  Expand view
DBINFO( DBI_PASSWORD, cPsw )


EMG



How to ? Harbour or xHarbour ?


Both, I think. I tried with xHarbour.

hmpaquito wrote:With memo fields too ?


Yes, but memo fields are not encrypted (if I remember correctly).

EMG
User avatar
Enrico Maria Giordano
 
Posts: 8243
Joined: Thu Oct 06, 2005 8:17 pm
Location: Roma - Italia

Re: GDPR - General Data Protection Regulation

Postby hmpaquito » Wed Dec 27, 2017 6:42 pm

Enrico,

From actual Harbour project, in dbf1.c file:

Code: Select all  Expand view
fSet = ! pArea->fHasMemo && HB_IS_STRING( pPasswd ) && ( ! fRaw || nLen == 8 );

-

       fEncrypt ? ! pArea->fTableEncrypted && ! pArea->fHasMemo :
                    pArea->fTableEncrypted )

-
         /* This enables record encryption in update operation */
         if( pArea->bCryptType == DB_CRYPT_SIX && ! pArea->fHasMemo )
            pArea->fEncrypted = HB_TRUE;




From actual xHarbour project, version 1.2.3 rev 10209, in dbf1.c file:

Code: Select all  Expand view
fSet  = ! pArea->fHasMemo && HB_IS_STRING( pPasswd ) && ( ! fRaw || ulLen == 8 );

-

fEncrypt ? ! pArea->fTableEncrypted && ! pArea->fHasMemo :
       pArea->fTableEncrypted )

-

 pArea->fEncrypted = pArea->pCryptKey != NULL && ! pArea->fHasMemo;

-

         if( ! pArea->fHasMemo )
            pArea->fEncrypted = TRUE;

-

 if( pArea->bCryptType == DB_CRYPT_SIX && ! pArea->fHasMemo )
            pArea->fEncrypted = TRUE;

 


So, it seems dbf files with memo field is not possible for encrypting, neither in harbour nor in xharbour.

do you use DBI_PASSWORD in production programs ? pls
how to encrypt dbf files ? pls

Regards
hmpaquito
 
Posts: 1482
Joined: Thu Oct 30, 2008 2:37 pm

Re: GDPR - General Data Protection Regulation

Postby Enrico Maria Giordano » Wed Dec 27, 2017 7:00 pm

hmpaquito wrote:So, it seems dbf files with memo field is not possible for encrypting, neither in harbour nor in xharbour.


Yes, you're right. I checked and I used that only for DBF without memo fields.

hmpaquito wrote:do you use DBI_PASSWORD in production programs ? pls


Yes.

hmpaquito wrote:how to encrypt dbf files ? pls


As I already wrote:

Code: Select all  Expand view
DBINFO( DBI_PASSWORD, cPsw )


EMG
User avatar
Enrico Maria Giordano
 
Posts: 8243
Joined: Thu Oct 06, 2005 8:17 pm
Location: Roma - Italia

Re: GDPR - General Data Protection Regulation

Postby hmpaquito » Wed Dec 27, 2017 7:08 pm

Thanks for the response, but being things like that, it is a very serious problem for all of us who use dbf files throughout Europe, if we want to apply the GDPR to our programs.

In my programs it is very common for a dbf to have a memo field. Where do you record the customer's observations if not together with the rest of the customer's data?


Harbour and xHarbour are not updated for the GDPR contingency. :cry:
hmpaquito
 
Posts: 1482
Joined: Thu Oct 30, 2008 2:37 pm

Re: GDPR - General Data Protection Regulation

Postby nageswaragunupudi » Tue Jan 02, 2018 3:01 pm

Encrypting memo fields is not a big issue. This can be resolved.

The real problem is Index files. Contents of index files are not encrypted.
Regards

G. N. Rao.
Hyderabad, India
User avatar
nageswaragunupudi
 
Posts: 10208
Joined: Sun Nov 19, 2006 5:22 am
Location: India

Re: GDPR - General Data Protection Regulation

Postby Otto » Tue Jan 02, 2018 3:34 pm

Hello hapaquito,

where did you read that you have to encrypt your data.
I think you have to password protect your system and the access to your files.
This should be enough.

These is also a technique called pseudonymisation which is allowed. Maybe an index file can be subsume under this if you make some little changes to the keys.


What I heard so far an active security protection should be sufficient.
If a system gets physically stolen maybe something like BitLocker would be fine.

Does Fivewin/dbf work well with activated Bitlocker?

Best regards,
Otto
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
 
Posts: 5994
Joined: Fri Oct 07, 2005 7:07 pm

Next

Return to FiveWin for Harbour/xHarbour

Who is online

Users browsing this forum: Google [Bot] and 13 guests

cron