Make WordPress Core

Changes between Version 1 and Version 2 of Ticket #43175, comment 17


Timestamp: 05/19/2018 03:47:13 AM (3 years ago)
Author: summoner

  • Ticket #43175, comment 17

    v1 v2  
    33On one hand i would delete personal data only as a last resort and only in such cases when it is compulsory to do so /see Article 17 (1) a)-f) considering even exceptions noted in (3) b) and e) /
    44
    5 In any other case i would suggest just pseudonymisation or encryption of the data mainly because the subject should be able to make themselves reidentifyable as it stands in Article 11. (2). So if the controller does not store the encryption key anymore but the subjects provides additional info to identify themselves, they should be reenabled to exercise their rights to access or rectify their data, right to erasure, right to restriction of processing and right to data portability.
     5In any other case i would suggest just pseudonymisation or encryption of the data mainly because the subject should be able to make themselves reidentifyable as it stands in Article 11. (2). So if the controller does not store the encryption key anymore but the subject provides additional info to identify themselves, they should be reenabled to exercise their rights to access or rectify their data, right to erasure, right to restriction of processing and right to data portability.
    66
    77
    8 On the other hand the data controller must also assure proper level of security of processing (Article 32 (1) a) and as storing hashkeys separated from the hashed data might be too complicated, maybe deleting personal data is more preferable in most cases. I mean if there are no obligations to keep billing data  for X years in case of online shops for example.
     8On the other hand the data controller must also assure proper level of security of processing /Article 32 (1) a)/ and as storing hashkeys separated from the hashed data might be too complicated, maybe deleting personal data is more preferable in most cases. I mean if there are no obligations to keep billing data  for X years in case of online shops for example.
    99
    1010