The new General Data Protection Regulation of the EU will take effect on May 25th, 2018. Let us take a quick look on what this regulation is all about.
The General Data Protection Regulation is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
Today, the field of data protection is regulated by each 28 EU member state’s own laws. GDPR aims to erase the ambiguity brought forth by this.
GDPR concentrates on four distinct fields:
- Defines personal and sensitive data
- Details how these are to be handled
- Establishes fines for non-compiance
- Sets new requirements for breach notifications
But what is GDPR all about? Rights. Rights for the EU ciztiens to have greater controll of their data (personal data and sensitive personal data):
- Consent for personal data to be shared and processed
- Right to access personal data
- Right to be forgotten
- Right to portability
- Right to recification
- Right to resist processing
- Right not to be subject of automated decission making
From these rights, maybe the most important is the one about consent. Personal data may not be shared or processed without the explicit consent of the data subject. Data subject must be advised exactly and plainly on what data will be collected and how it will be used. Consent will be required for all processed or stored data, including systems already in place. Organisations will have to work out a way to gain consent which is fair, lawful and allowed.
With the new rights becoming law, organisations have to ask themselves; does this apply to me or not? This is best answered by a qualified lawyer, but in short: any data that represents an EU citizen has to meet the requirements, it does not matter where the data is stored or accessed from.
If an organisation is in the scope of GDPR, it may have to:
- Appoint a data protection officer (> 250 employees)
- Appoint reprezentative inside EU
- Review data collection procedures
- Create data protection awareness program for employees
- Perform initial and ongoing information audits
- Complete Data Protection Impact Assessments
To enforce compliance, the regulation opens the possibility for high fines.
- 2% of annual global revenue, or 10 million euro (w/e is higher).
- Data breaches
- Not employing DPO (when it would be needed)
- Not conducting DPIA (Data Protection Impact Assessments)
- Not keeping appropriate records
- 4% of annual global revenue, or 20 million euro (w/e is higher).
- Failing to gain consent
- Not upholding customer rights
- Moving data outside the EU
Of course these are only the maximal possible fines, their enforcement will be proprotionate. However non-compliance will have other impacts as well, such as damage to the company’s reputation and lost consumer trust.
Guides have been created and published for companies that detail the steps they should take to gain compliance. In general, they expect the companies to map what data they have, check if their processing is fair, lawful and allowed, remove any unneded data (data minimazation), create a procedure for consent handling, recognize the rights granted to individuals, create risk assasment from the data subject’s perspective, reduce risks, have incident response plan, host security awareness trainings for employees; finally, do all this (and more) before May 25th, 2018.
A quick way to gain first impressions on your company’s compliance level is to use self assessment form proviced by ico., which can be found here: http://www2.infosecinstitute.com/GDPR-Readiness
Keep Calm and Prepare for GDPR!
GDPR Compliance: What You Need to Know Before May 2018
Let’s Cut The Crap On GDPR by Carl Gottlieb
Virtual Session: GDPR without the Hype
Today I would like to take a break from our ongoing informative articles. Just lean back and have some fun reading about how software projects got their name.
The FDA (Food and Drug Administration) has released the well known standard 21 CFR PART 11, which governs how affected systems should handle electronic records and signatures. The scope of this standard extends to all companies within the food, clinical or pharmaceutical industries.
The question is if a web-based training system (also called Learning Management System or LMS for short) is required to be compliant with Part 11 or not. There is no clear answer to this question however; just as it is the case with any type of system (be it web-based or not) it depends on two main factors:
- What the system is/will be used for.
- If the system’s output (electronic or paper) will be used as official records.
If the system is/will be used to train employees and the electronic records of this process will be the proof of completion, compliance with Part 11 is required.
On the other hand, if compliance is not required, it may still be a good idea to verify if the employed system would confirm with Part 11 or not. The standard itself was created for the purpose of information security and the general requirements of confidentiality, integrity and availability (also known as CIA) are represented in it. The same view is employed here as is in many standards regarding information security.
More information and resources on the subject can be found here:
Today the use of Microsoft Word is widespread in most organizations. Everyone uses it, but only few know how to do so properly.
It is a frequent occurrence to open a document, only to find it being misaligned or suffering from other styling errors. These issues can be distracting at best, but can also make the whole document unreadable. Knowing how to correctly create documents can avoid this situation and be of great benefits, including backwards compatibility with future MS Word versions. Many tutorials can be found on the internet about this subject, just to peak your interest, here are a few:
Quality and quality assurance is an ever present requirement in today’s world. In the field of programming, the management of code quality is a key issue in larger project, especially in cases where several programmers work on a project. Each programmer brings his or her own knowledge to the project, including their own coding style and solutions. While this can be a good concept locally, the whole project can become confusing and unmaintainable.
Luckily this is not a new issue and several solutions have been created for it. Static analysis tools is a collection of such solutions. They include standardization of coding and error detection.
For the list of static analysis tools for PHP, visit the following page: https://github.com/exakat/php-
The field we call Knowledge Management (or KM for short) deals with the creation, acquisition and communication of knowledge. This process is not new in any way, however only in the last 20 years has it evolved into it’s distinct field. Purposeful use of KM can yield great benefits for any organization dealing in knowledge based services.
Before using any sort of KMS (Knowledge Management System), first one must understand what knowledge is. There are many definitions on this subjects, however for the sake of KM, we can look at knowledge as information, which we are able to apply in our activities. There are several categories to it, but the two most important ones are “tacit” (which comes from personal past experiences and is near impossible to articulate) and “explicit” (which can be written down or articulated).
The purpose of any KMS system is to store, extend, update the explicit knowledge the organization owns. Furthermore it allows employees to increase their experience and encourages collaboration.
Following the recent trends, cloud based solutions have become a cornerstone of this field as well. Several SaaS solutions providing KM support are available, knowing why, which and when to use can be imperative. For more information on this subject, I recommend the following sources:
A glimpse of HTML 5.1
The release of the HTML5 standard about two years ago was a big deal in the web development community. Not only because it came packing an impressive list of new features, but also because it was the first major update to HTML since HTML 4.01 was released in 1999. You can still see some websites bragging about the use of the “modern” HTML5 standard today.
Fortunately, we didn’t have to wait quite that long for the next iteration of HTML. In October 2015, the W3C started working on the draft of HTML 5.1 with the goal of fixing some of the issues that were left open in HTML5. After many iterations, it reached the state of “Candidate Recommendation” in June 2016, “Proposed Recommendation” in September 2016 and finally a W3C Recommendation in November 2016. Those who followed this development probably noticed that it was a bumpy ride. A lot of initial HTML 5.1 features were dropped due to poor design or a lack of browser vendor support.
While HTML 5.1 was still in development, the W3C has already started working on a draft of HTML 5.2 which is expected to be released in late 2017. In the meantime, here’s an overview of some of the interesting new features and improvements introduced in 5.1. Browser support is still lacking for these features but we’ll refer you to at least some browsers which can be used to test each example.
The following SitePoint article covers the following:
Context Menus Using the
Details and Summary Elements
More input types —
Responsive Images ( The
srcsetImage Attribute, The
sizesImage Attribute, The
Validating Forms with
Allowfullscreen for Frames
Read the article here: SitePoint
The benefits you will realize by choosing a remote development agency can be significant.
Remote teams often have more experience and greater talent than local coding enterprises. They service the global marketplace, and have a solid understanding of recent trends and technologies.
Good remote coders have learned and practiced ways to become highly productive. And they constantly strive to improve their skills.
Being remote not only requires better communication, it forces it to happen. How does this happen? Weekly meetings, chat sessions, and the exceptional clarity in briefs, specifications, and feedback. These are all part of the overall scheme.
Keep these four golden rules in mind when working with a remote agency:
- A clear brief helps to get a project off to a solid start. Collaboration can get underway even before your brief is finalized when you have a good agency working with you. Be willing to listen to any guidance the project manager may offer. It can help to get everyone on the same page as the project gets underway.
- Practicality is important. Your coding agency should advise you on the coding best practices and the technologies that they plan to put into play. The final decision is yours, but it should be a knowledge-based decision.
Technologies may vary, but the maker’s touch is essential.
- Communicate efficiently and effectively. Understand your responsibilities toward making collaboration work by preparing yourself for periodic briefings. Avoid making changes once the project is in development. If you must do so, be prepared to negotiate new deadlines. Work with the agency to determine which means of communications will work best.
- Listen to the specialists. Professional developers always have the user in mind. Criticism is intended to be constructive, and it is given with the best of intentions. The feedback you may receive is based on solid, variate coding experience.
Read full article: here
The Progressive Web Apps (PWA) technology developed by Google has been available to the public for almost a year, but relatively few people outside the world of hardcore developers are aware of what exactly they are, and how they can use them to their benefit.
It’s important to recognize that there are a few different concepts bundled up into the term “Progressive Web App” and that these individual parts have been available in one form or another before being tied together under one package. Those parts are: Service Worker, App Shell and JSON Manifest.
The Service Worker
The single most interesting component is that of the service worker script. This script acts as an additional layer between the website requests and the internet servers around the world.
It is also responsible for caching content when a visitor browses a PWA enabled page, and stores that data locally on the visitor’s device, whether that is a mobile phone, tablet or desktop computer.
This means that every time we click a link on a website with a Progressive Web App, the request will pass through the service worker script and then based on the rules set forth, will go online and ask for a new web page.
Alternatively, if the user is offline it is possible to have the service worker serve a cached page from the local storage, meaning that we can now design websites that will work 100% when browsed offline, as long as that user has been to the site at least once before.
While the idea of caching content and serving it to users without internet access is not by any means a new one, the combination with an app shell is powerful and offers entirely new ways of thinking about web development.
Read more: Here
Ahead of his talk at Generate Sydney, the man behind ‘A Dao of Web Design’ offers a glimpse into the internet’s future.
Don’t miss John Allsopp’s opening session – Predict the future with this one weird old trick – at Generate Sydney on 5 September. Can’t get there? There are Generate conferences coming up in San Francisco and London too!
If anybody should be able to predict the future, John Allsopp is more qualified than most. He is, after all, the man who just might have coined the inglorious term ‘Web 2.0′ (he can document his usage of it before Tim O’Reilly popularised the phrase).
Allsopp is also feted as one of responsive design’s founding fathers. His essay, ‘A Dao of Web Design‘ was published in 2000. In it he encourages designers to let go of print’s rigidity and embrace the web’s fluidity. Ethan Marcotte cites Allsopp’s essay as one of his key inspirations.
So what does Allsopp – who’s speaking at our Generate Sydney event in September – predict for the next century? You may be somewhat surprised by what he has to say…
Read the article here: Creative Bloq