GDPR and impact assessment on data protection
So we have this software where people make recommendations for friends to buy goods, and in the process of buying with credit cards etc., customer information is disclosed. How can we make sure people don't use that info to hack etc. other customers?
If credit card data is processed you need to ensure that you are PCI compliant or that you use a third party that is PCI compliant.
Regarding the use of other personal data besides credit card data, you need to follow the GDPR principles and apply adequate security measures as per art. 32.
In summary: like, how do we protect customer data when a project goes live?
Another thing you need to consider is having adequate Terms and Conditions so the users have a clear view of what they can do and what is forbidden.
I would advise you to perform a Data Protection Impact Assessment before going live.
You can find out more about Data Protection Impact Assessment from this free webinar, Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR: https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/
Dec 23, 2019