Yii Framework Forum: GDPR compliance - Yii Framework Forum

GDPR compliance

#1 pczi (Group: Members)

Posted 11 November 2017 - 06:09 AM

Searching the web, I did not find any useful information or best practice concerning GDPR compliance of an XAMP or, more specifically, a Yii web application.

GDPR is the biggest shake-up in European data protection legislation for 30 years. Organizations have less than two years to ensure that their data protection processes are compliant. Most organizations will struggle to meet the May 25, 2018 deadline.

Although the General Data Protection Regulation (GDPR) is not prescriptive, it suggests the use of encryption and pseudonymization as approaches to protect sensitive data, but that leaves many questions.

My first impression is that a lot of procedures have to be put in place, but on the IT side they recommend encryption for:
- data at rest (data that is not actively moving from device to device or network to network such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way)
- data in transit or data in motion (data actively moving from one location to another such as across the internet or through a private network)

Encryption plays a major role in data protection and is a popular tool for securing data both in transit and at rest:
- For protecting data in transit, enterprises often choose to encrypt sensitive data prior to moving and/or use encrypted connections (HTTPS, SSL, TLS, FTPS, etc.) to protect the contents of data in transit.
- For protecting data at rest, enterprises can simply encrypt sensitive files prior to storing them and/or choose to encrypt the storage drive itself.

My questions:
- Is HTTPS with a self-signed Let's Encrypt certificate enough to secure data in transit?
- Has anyone a best practice or a how-to for encrypting data stored in MySQL/MariaDB to secure data at rest?
- Data access and changes have to be logged; is there any Yii or MySQL extension which can take care of this?
- What about Apache logs?

#2 samdark (Group: Yii Dev Team)

Posted 11 November 2017 - 06:47 AM

Quote

- Is HTTPS with a self-signed Let's Encrypt certificate enough to secure data in transit?


Fully secure — no. Secure enough — yes.

Quote

- Has anyone a best practice or a how-to for encrypting data stored in MySQL/MariaDB to secure data at rest?


https://mariadb.com/...est-encryption/

Quote

- Data access and changes have to be logged; is there any Yii or MySQL extension which can take care of this?


Yes. There are many, such as https://github.com/bedezign/yii2-audit (I haven't used any myself; I did it in the base AR model).

Quote

- What about Apache logs?


Archive 'em.
Yii 2.0 Development Cookbook

Enjoying Yii? Star us at GitHub

Support me so I can work more on Yii: https://www.patreon.com/samdark
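
The change logging "in a base AR model" mentioned in the answer above, shown as an added example that is not part of the thread, of Yii, or of yii2-audit. The class name `AuditedActiveRecord`, the `audit_log` table with its columns, and the masked attribute names are assumptions; values of masked attributes are deliberately kept out of the log, since the audit trail is itself personal data.

```php
<?php
namespace app\components;

use Yii;
use yii\db\ActiveRecord;
use yii\helpers\Json;

// Hypothetical base class: models extend this instead of yii\db\ActiveRecord.
// Assumes a table audit_log(created_at, user_id, model, pk, action, changes).
abstract class AuditedActiveRecord extends ActiveRecord
{
    // Attributes whose values must never be copied into the log (override per model).
    protected function auditMaskedAttributes(): array { return ['password_hash', 'auth_key']; }

    public function afterSave($insert, $changedAttributes)
    {
        parent::afterSave($insert, $changedAttributes);
        $changes = [];
        // Yii passes the OLD values of the saved attributes in $changedAttributes.
        foreach ($changedAttributes as $name => $old) {
            $new = $this->getAttribute($name);
            if ($insert || $old != $new) { // skip values re-saved unchanged ('1' vs 1)
                $masked = in_array($name, $this->auditMaskedAttributes(), true);
                $changes[$name] = $masked ? ['masked' => true] : ['old' => $old, 'new' => $new];
            }
        }
        if ($insert || $changes) {
            $this->writeAudit($insert ? 'insert' : 'update', $changes);
        }
    }

    public function afterDelete()
    {
        parent::afterDelete();
        $this->writeAudit('delete', []);
    }

    private function writeAudit(string $action, array $changes): void
    {
        // Same connection as the model, so the entry shares the model's transaction.
        static::getDb()->createCommand()->insert('audit_log', [
            'created_at' => gmdate('Y-m-d H:i:s'),
            // Console applications have no "user" component; guests yield null.
            'user_id' => Yii::$app->has('user') ? Yii::$app->user->id : null,
            'model' => static::class,
            'pk' => Json::encode($this->getPrimaryKey(true)),
            'action' => $action, 'changes' => Json::encode($changes),
        ])->execute();
    }
}
```

This records writes only; read access is not visible to `afterSave()`/`afterDelete()` and would need a separate hook such as `afterFind()` or logging at the controller level.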