GDPR - General Data Protection Regulation

[driessen]

Hello,

I start this topic to know the opinion of the FWH users about GDPR.
Starting May 25th, 2018 this new European regulation will be a fact for everyone who is storing personal data of people.

What is the effect of GDPR on the software application we provide to our customers?

I hope to read all your reactions.

Have a nice weekend.

[James Bott]

Michel,

Thanks for bringing this up. This is the first I have heard of it.

I did a Internet search and found a video introduction on this on youtube.

https://www.youtube.com/watch?v=GlAM1Ysy_rs

Note that this was produced by ESet a computer security company. [I am in no way affiliated with them]. There is only a brief message of how they can help, the rest is generic information. I thought it was a good intro.

ESets approach is to encrypt everything from your disk to your emails through a central server. Sounds like a simple solution but also sounds very expensive, especially for smaller companies. To be fair, however, I didn't lookup their pricing. But I did note that it seems if you use their system, then you don't have to do anything to your programs or data files since they just encrypt everything.

I remember back in 1996, I started one of the first online stores. At that time nobody was encrypting purchase information, not even credit card data. I spent months finding a way to do encryption online because nobody knew how to do it.

My how times have changed.

Regards,
James

[Otto]

Hello,

Prepare for the worst – IT security issues continue to plague companies of all sizes. From being an area where companies could prepare well and prevent issues, the sheer complexity of IT today means that many companies are focusing on when they get hacked, not if.

It seems to me that we have to encrypt personal data when storing on disk.

How can this be done best in DBF.
Are indexes working with encrypted data.

Thanks in advance
Otto

[Enrico Maria Giordano]

This is a way:

Code: Select all | Expand

DBINFO( DBI_PASSWORD, cPsw )

EMG

[driessen]

I'm afraid that encrypting data won't be enough.
Just google the GDPR regulation and you'll see that it is a lot more than that.
You need to keep a logbook where you need write down how you get the data, how you process the data and how you store the data.
It is not that simple.
I'll have a seminar probably in September.
I'll keep you all informed.

[Otto]

Hello Michel,

the use of a customer class how James is suggesting will reduce work a lot.

In my case this means not much effort

Code: Select all | Expand

method _save

example what I have at the moment:

    oKontakt := TData():New(,Setup():Daten + "datagast\kontakte")
        oKontakt:use()
    oKontakt:append()

    oKontakt:KDNR  := VAL(cKdNr)
    if ::lAdd = .t.
        oKontakt:Text  := "neue Adresse"
    else
        oKontakt:Text  := "Änderung"
    endif
    
    oKontakt:datum := date()
    oKontakt:zeit  := val(substr(time(),1,2) + substr(time(),4,2) )/100 
    //oKontakt:user_time :=
    oKontakt:save()
    oKontakt:end()

       ::super():save()

 

I am concerned if encryption/decryption is working fine.
Then we need a WDBU – for support work – which is able to read encrypted files.


Next
What about OUTLOOK. How are the emails effected.

Best regards,
Otto

[James Bott]

Let me clarify, if you use a system like Eset's, then the entire disk is encrypted and they handle email too. And I'm sure there will be others like theirs.

Otherwise, I think (x)Harbour is going to need to include the code for encryption. It has to be high level encryption, and we can't all find our own solutions. It needs to be built-in.

For Outlook and other email systems, the company that produces them will be responsible.

I think all we can do for now is to get educated and pressure the (x)Harbour authors to provide it. Or, contribute if you have the skills.

James

[Otto]

Hello,
I would like to inform you about a new xing Group dealing with this subject.
Best regards,
Otto

Dr. Markus Knasmüller hat Ihren Gruppenbeitrag kommentiert: "O.T.: GDPR - General Data Protection Regulation"

"Meine Vorredner haben ja schon einiges dazu gesagt, aber egal wie es ist viel zu tun, und es wird eine noch größere Herausforderung als die RKSV traue ich mir sagen. Wir haben mal eine XING-Gruppe gegründet: https://www.xing.com/communities/groups ... df-1098433, vielleicht wird diese ja ein ähnlicher Erfolg wie diese Gruppe. BTW das Gesetz ist schon beschlossen, wenn tatsächlich wohl auch etwas unglücklich."

https://www.xing.com/via/communities/po ... t=35316874

[hmpaquito]

Enrico,

This is a way:

Code: Select all | Expand

DBINFO( DBI_PASSWORD, cPsw )

EMG

How to ? Harbour or xHarbour ?

With memo fields too ?

[Enrico Maria Giordano]

Enrico,

This is a way:

Code: Select all | Expand

DBINFO( DBI_PASSWORD, cPsw )

EMG

How to ? Harbour or xHarbour ?

Both, I think. I tried with xHarbour.

With memo fields too ?

Yes, but memo fields are not encrypted (if I remember correctly).

EMG

[hmpaquito]

Enrico,

From actual Harbour project, in dbf1.c file:

Code: Select all | Expand

 fSet = ! pArea->fHasMemo && HB_IS_STRING( pPasswd ) && ( ! fRaw || nLen == 8 );

-

       fEncrypt ? ! pArea->fTableEncrypted && ! pArea->fHasMemo :
                    pArea->fTableEncrypted )

-
         /* This enables record encryption in update operation */
         if( pArea->bCryptType == DB_CRYPT_SIX && ! pArea->fHasMemo )
            pArea->fEncrypted = HB_TRUE;

From actual xHarbour project, version 1.2.3 rev 10209, in dbf1.c file:

Code: Select all | Expand

fSet  = ! pArea->fHasMemo && HB_IS_STRING( pPasswd ) && ( ! fRaw || ulLen == 8 );

-

fEncrypt ? ! pArea->fTableEncrypted && ! pArea->fHasMemo :
       pArea->fTableEncrypted )

-

 pArea->fEncrypted = pArea->pCryptKey != NULL && ! pArea->fHasMemo;

-

         if( ! pArea->fHasMemo )
            pArea->fEncrypted = TRUE;

-

 if( pArea->bCryptType == DB_CRYPT_SIX && ! pArea->fHasMemo )
            pArea->fEncrypted = TRUE;

 

So, it seems dbf files with memo field is not possible for encrypting, neither in harbour nor in xharbour.

do you use DBI_PASSWORD in production programs ? pls
how to encrypt dbf files ? pls

Regards

[Enrico Maria Giordano]

So, it seems dbf files with memo field is not possible for encrypting, neither in harbour nor in xharbour.

Yes, you're right. I checked and I used that only for DBF without memo fields.

do you use DBI_PASSWORD in production programs ? pls

Yes.

how to encrypt dbf files ? pls

As I already wrote:

Code: Select all | Expand

DBINFO( DBI_PASSWORD, cPsw )

EMG

[hmpaquito]

Thanks for the response, but being things like that, it is a very serious problem for all of us who use dbf files throughout Europe, if we want to apply the GDPR to our programs.

In my programs it is very common for a dbf to have a memo field. Where do you record the customer's observations if not together with the rest of the customer's data?


Harbour and xHarbour are not updated for the GDPR contingency.

[nageswaragunupudi]

Encrypting memo fields is not a big issue. This can be resolved.

The real problem is Index files. Contents of index files are not encrypted.

[Otto]

Hello hapaquito,

where did you read that you have to encrypt your data.
I think you have to password protect your system and the access to your files.
This should be enough.

These is also a technique called pseudonymisation which is allowed. Maybe an index file can be subsume under this if you make some little changes to the keys.


What I heard so far an active security protection should be sufficient.
If a system gets physically stolen maybe something like BitLocker would be fine.

Does Fivewin/dbf work well with activated Bitlocker?

Best regards,
Otto