Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@FrodoSwaggins well part of the GDPR says that users have the right to view all of the data a company has on them.
If someone impersonates another user they could request that all of that users data be sent to them. -
con-fig3936yImpersonating someone surely requires knowing their password etc. so they'd already be compromised GDPR or not? Honest question.
-
con-fig3936y@Linux well shit a brick. Are there guidelines as to the identification process or is it up to the company?
-
Linux438196y@con-fig
Is it up to the company actually.
GDPR is also affecting "how the employees work" to a lagre extent too -
I agree, especially if a company doesn't require some form of secondary identification
-
Krichel236yGdpr 15.3 and 15.4 should ensure that concrete data must not be disclosed without proper identification. 15.1 is only about the general data processing activities, e.g. the purpose and possible receivers of a data transfer.
-
@Krichel I guess it depends what qualifies as proper identification at any given company then. Because if a company is willing to accept a photocopy of a driver's license or passport as identification both of those documents are very easy to fake when you don't need to replicate the physical security features.
Related Rants
You know GDPR compliance is going to create a whole new form of scam where scammers impersonate users and send data requests to companies to get people's info.
rant
gdpr