I am *** Chief Technical Architect from *** and I have a couple of questions about GDPR implementation in customers' applications.
1. In order to be compliant with GDPR the user has some rights that should be available by the different systems such as the right to delete the personal data, the right to rectify, the right to get a copy of his personal data, and so on.
Are there any issues if these rights are implemented using defined processes with our customers and database scripts to implement the required rights, instead of modifying each and every application to implement these rights?
These database scripts will be included in the application deliverables.
2. The right to be informed will be included in the cookies bar or a separate checkbox in the registration process or the consent signed by the employees using these applications, is that accepted?
3. Would you please confirm that securing the data at rest can be achieved by applying security measures on the database access either physically (access to the physical server) or logically (access to the database tables) if it is on-premise?
This also applies to databases hosted on the cloud by the cloud providers, and in this case we need a confirmation from the cloud provider that the servers are secured as required and a confirmation of the required security measures.
4. Securing the data in transit can be implemented by securing the communication channel (i.e. using the HTTPS protocol, or SFTP if the personal data is included in files) and securing any media used to back up or transfer the data.
5. Encryption of personal data in the databases is something that is recommended and is not mandated by GDPR for securing user personal data at rest; please confirm.
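The first question describes implementing data-subject rights (access, rectification, erasure) with database scripts rather than per-application code. The following is an added illustration of what such a script can look like when it is written to be safe to run directly against production data; it is not the poster's code and not any product's implementation. The schema, column names, the `dsr_audit` table and the sample rows are all constructed assumptions. The points a reviewer would look for are visible in the code: each request runs in one transaction so a failure cannot leave a half-erased record, rectification only accepts an allow-list of columns (so the dynamic SQL cannot be steered at other fields), erasure removes identifying fields while detaching rather than deleting linked records, and every action leaves an audit row recording who did what and when.

```python
"""
Added example: data-subject-rights script (access / rectification / erasure)
run directly against a database, with a per-request audit record.
Uses an in-memory SQLite database and a constructed, hypothetical schema.
"""
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema; table and column names are assumptions for this example.
SCHEMA = """
CREATE TABLE users  (id INTEGER PRIMARY KEY, email TEXT, full_name TEXT, phone TEXT);
CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, amount REAL);
CREATE TABLE dsr_audit (ts TEXT, request_type TEXT, user_id INTEGER, operator TEXT);
"""

# Columns a rectification request may touch; anything else is rejected.
RECTIFIABLE = {"email", "full_name", "phone"}


def open_db():
    """Create the constructed sample database with two subjects and three orders."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "alice@example.com", "Alice Example", "+10000000001"),   # constructed
        (2, "bob@example.com", "Bob Example", "+10000000002"),       # constructed
    ])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(10, 1, 9.99), (11, 1, 20.0), (12, 2, 5.0)])
    conn.commit()
    return conn


def _audit(conn, request_type, user_id, operator):
    """Record who performed which request for which subject (inside the caller's transaction)."""
    conn.execute("INSERT INTO dsr_audit VALUES (?, ?, ?, ?)",
                 (datetime.now(timezone.utc).isoformat(), request_type, user_id, operator))


def export_personal_data(conn, user_id, operator):
    """Right of access: return a copy of everything held about the subject."""
    user = conn.execute("SELECT * FROM users WHERE id = ?", (user_id,)).fetchone()
    if user is None:
        raise KeyError(user_id)
    orders = conn.execute("SELECT id, amount FROM orders WHERE user_id = ?",
                          (user_id,)).fetchall()
    with conn:                       # commit the audit row, or roll it back on error
        _audit(conn, "access", user_id, operator)
    return {"user": dict(user), "orders": [dict(o) for o in orders]}


def rectify_personal_data(conn, user_id, operator, **fields):
    """Right to rectification: update only allow-listed columns, atomically with the audit row."""
    unknown = set(fields) - RECTIFIABLE
    if unknown:
        raise ValueError(f"not rectifiable: {sorted(unknown)}")
    # Column names are safe to interpolate only because they were checked against RECTIFIABLE;
    # the values themselves are always bound as parameters.
    assignments = ", ".join(f"{col} = ?" for col in fields)
    with conn:                       # one transaction: update + audit, or neither
        cur = conn.execute(f"UPDATE users SET {assignments} WHERE id = ?",
                           (*fields.values(), user_id))
        if cur.rowcount != 1:
            raise KeyError(user_id)  # raising inside `with conn` rolls the transaction back
        _audit(conn, "rectification", user_id, operator)
    return cur.rowcount


def erase_personal_data(conn, user_id, operator):
    """Right to erasure: blank identifying fields and detach linked records, in one transaction."""
    with conn:
        cur = conn.execute(
            "UPDATE users SET email = NULL, full_name = NULL, phone = NULL WHERE id = ?",
            (user_id,))
        if cur.rowcount != 1:
            raise KeyError(user_id)
        # Orders are kept (e.g. for accounting) but no longer point at a person.
        conn.execute("UPDATE orders SET user_id = NULL WHERE user_id = ?", (user_id,))
        _audit(conn, "erasure", user_id, operator)
    return cur.rowcount


def audit_count(conn):
    """Number of data-subject requests recorded so far."""
    return conn.execute("SELECT COUNT(*) FROM dsr_audit").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print(export_personal_data(db, 1, "dpo"))
    rectify_personal_data(db, 1, "dpo", phone="+10000000009")
    erase_personal_data(db, 1, "dpo")
    print("audit rows:", audit_count(db))
```

Because these scripts bypass the applications' own access control, the operator running them should be a named, separately authorised database principal, and the `dsr_audit` table (or an equivalent log shipped off the database host) is what lets the customer demonstrate afterwards that a request was honoured and by whom.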