Summary of things to do to comply with the EU General Data Protection Regulation (GDPR)
The EU's new law on personal data protection, the General Data Protection Regulation, takes effect on May 25, 2018. Any operator that provides a service to EU residents and handles their personal information is obliged to comply, even if that operator is an individual.
This is why so many services have been revising their privacy policies lately. The service I build on my own also has many EU users, so of course I have to comply as well (sigh).
This time the rules come from EU law, but the content is entirely reasonable; viewed objectively, these are common-sense rules. They will likely become the de facto standard, and it is only a matter of time before the US and Japan follow suit. Operators who leave things alone on the grounds that "our service is for Japanese users, so we're fine" will regret it later.
The case of Twitter recording passwords in its logs is still fresh in memory, and I suspect GDPR is behind the fact that it was made public only now. My personal, uncharitable guess is that they had been aware of the problem for some time and decided to confess early, before the law takes effect.
This post is a memo summarizing what is needed to make my own service GDPR-compliant.
References
First, material for getting a quick overview. Searching turns up plenty in Japanese as well.
- Overview of the EU General Data Protection Regulation (GDPR) and what companies should do | Information Sensor, February 2017 issue, EY Advisory | EY Japan
- Personal information in Japan today (2/5): EnterpriseZine
- How GDPR Will Change The Way You Develop - Smashing Magazine
Other companies have published documents on their sites describing how they handle GDPR, which can be used as a reference.
- DigitalOcean: Cloud computing designed for developers
- GDPR Compliance - Mixpanel Help Center
- GDPR | Evernote
- GDPR FAQs - Todoist Help
And I found an article that looks good:
It lays out concretely and clearly what a web service operator like me has to do. The author, Bozho, is reportedly a former "advisor to the deputy prime minister of a EU country" and was involved with this law, so the information can be considered highly reliable.
Basically, working through this article looks like the way to go.
Overview of the law
The size of the service or company does not matter
None of the other requirements of the regulation have an exception depending on the organization size, so "I'm small, GDPR does not concern me" is a myth.
...or so it says, so being small is no reason for optimism.
All information that can identify an individual is covered
any information relating to an identified or identifiable natural person
Examples:
- Genetic data
- Biometric data (fingerprints, iris, etc.)
- Location data
- Pseudonymized data
- Online identifiers
It does not matter where the servers are
If EU residents use the service, it falls under the law regardless of whether the servers are in the US or Japan.
The penalties are extremely heavy
- Minor violations: 10 million euros, or 2 percent of the previous year's revenue
- Violations such as infringement of rights: 20 million euros, or 4 percent of the previous year's revenue
The numbers are off the scale. Guaranteed bankruptcy.
What follows is a list of the things to do.
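"Forget me" - a feature that deletes all of a user's information
When a user deletes their account, merely setting a deleted flag is not enough. All personal information must be erased from the database and from any third-party services.
If rows cannot be deleted because of a foreign key constraint in the database, you need to handle that, for example by making the column nullable. Alternatively, delete all the related data as well.
Delete credit card information, purchase history and the like too. Don't forget IP addresses.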
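The erasure described above, as an added example (not code from the original post or from Bozho's article). The SQLite schema, table names and sample rows are constructed assumptions: card and order rows are deleted together with the user, while an access log keeps its rows through a nullable foreign key and has its IP address scrubbed explicitly.

```python
import sqlite3

# Constructed schema. cards/orders are erased with the user (CASCADE);
# access_log rows are kept for statistics, so its FK is nullable (SET NULL).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT);
CREATE TABLE cards (id INTEGER PRIMARY KEY, last4 TEXT,
  user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE);
CREATE TABLE orders (id INTEGER PRIMARY KEY, ship_address TEXT,
  user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE);
CREATE TABLE access_log (id INTEGER PRIMARY KEY, ip TEXT, path TEXT,
  user_id INTEGER REFERENCES users(id) ON DELETE SET NULL);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    # SQLite silently ignores ON DELETE actions unless this is enabled.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn

def seed(conn):
    # Constructed sample rows (documentation-range IPs, example.com mail).
    conn.executescript("""
      INSERT INTO users VALUES (1, 'alice@example.com', 'Alice'),
                               (2, 'bob@example.com', 'Bob');
      INSERT INTO cards VALUES (1, '4242', 1);
      INSERT INTO orders VALUES (1, '1 Example St', 1);
      INSERT INTO access_log VALUES (1, '203.0.113.7', '/notes', 1),
                                    (2, '198.51.100.9', '/notes', 2);
    """)

def forget_user(conn, user_id):
    """Erase one user in a single transaction; no 'deleted' flag is involved."""
    with conn:
        # SET NULL only clears user_id, so the IP must be scrubbed explicitly,
        # and before the DELETE, while the rows can still be found by user_id.
        conn.execute("UPDATE access_log SET ip = NULL WHERE user_id = ?", (user_id,))
        conn.execute("DELETE FROM users WHERE id = ?", (user_id,))

def remaining(conn):
    """Return what is left in each table, for verifying the erasure."""
    q = lambda sql: conn.execute(sql).fetchall()
    return {
        "users": q("SELECT id, email FROM users ORDER BY id"),
        "cards": q("SELECT id FROM cards"),
        "orders": q("SELECT id FROM orders"),
        "access_log": q("SELECT user_id, ip, path FROM access_log ORDER BY id"),
    }
```

Without the `PRAGMA foreign_keys = ON` line, SQLite would delete the user row and leave the card and order rows behind, so checking `remaining()` after an erasure is worth keeping as a regression test.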
Notify 3rd parties for erasure - erasing data stored in third-party services
Deleting from your own service's database is not enough. Personal information stored through third-party SaaS and similar services is also subject to the erasure obligation: for example Salesforce, Hubspot, twitter, Mixpanel, Stripe. Delete it through their APIs.
Naturally, files uploaded to AWS S3 and the like, and anything else related to the user, must all be deleted as well.
Google does not provide an API for removing entries from search results. In that case, make the affected page return 404.
Restrict processing - restricting administrator access
If an admin tool or similar has a feature that lists users, there must be a "Restrict processing" button on the user's settings screen or similar. If the user wishes, they must be able to restrict back-office staff from accessing their personal information through the admin tool.
This is presumably a rule to keep access rights from being handed out to staff indiscriminately. In my case I am the only administrator, so it looks safe to ignore.
Export data
Users must be able to retrieve all data about themselves that is stored in the service. This normally refers to the data that would be deleted by "forget me". Purchase history, for example, would presumably be included.
My service already has a feature to export all note data, so that should be covered. User information can be viewed on the account page.
Allow users to edit their profile
An obvious rule, but occasionally it is not allowed. As a rule, users must be able to change their profile data.
Consent checkboxes
"I accept the terms and conditions" alone is not enough. A separate checkbox for each kind of data processing must be provided on the registration screen or the profile screen. Pre-ticked checkboxes are prohibited.
For example, tracking user behavior in an app is fairly common practice, but it requires explicit permission in advance. What is collected, how, and where it is stored must also be spelled out in the privacy policy or similar.
Permission is also required for data collected for machine learning and the like. Scientific research purposes are an exception, however.
"See all my data" - viewing data
This resembles the "Export data" item, but it refers to a feature for viewing the data in the UI rather than in a machine-readable format such as JSON or XML. This feature is not "mandatory" but "desirable".
Google Maps, for example, can display your location history.
A minimal approach is email notification: when you receive some data, email the user, and state in the email what the data will be used for.
Age checks
If the user is under 16, parental consent is required. The rules do not specify a parental verification flow, but something like email is conceivable.
My service is aimed at adults, so I suppose a checkbox at registration confirming that the user is 16 or older will do.
Keeping data for no longer than necessary
If data is used for a specific purpose, it must be deleted or anonymized as soon as it is no longer needed. For example, on an e-commerce site, information handled by a feature that lets users buy products without registering is not needed once the transaction has been carried out, so it has to be deleted periodically with cron or similar.
Cookies
The handling of cookies is also being changed under GDPR, so it is not clear-cut. See Bozho's related article:
That is the list of the main things to do.
Things you should do
Besides these, there are items that are not mandated by the law but are recommended as best practice.
- Encrypt the data in transit
- Encrypt the data at rest
- Encrypt your backups
- Implement pseudonymisation - Altering only the real names and addresses when bringing production data into a staging or test environment is called pseudonymisation. Using hash+salt/bcrypt/PBKDF2 or similar is recommended so that the values are hard to guess.
- Protect data integrity - "have authentication mechanisms for modifying data"
- Log access to personal data - Log every access to personal information: who accessed what, and for what purpose.
- Register all API consumers - Do not allow anonymous API access
Things you should not do
- Don't use data for purposes that the user hasn't agreed with
- Don't log personal data
- Don't put fields on the registration/profile form that you don't need
- Don't assume 3rd parties are compliant
In my case, the service handles sensitive data to begin with and I had been careful, so it is a relief that no major changes seem necessary. Preparing the documents that show GDPR compliance looks like the harder part.
Should I write a Data Processing Agreement or something... maybe I'll make one using Digital Ocean's as a template.
That's all, for your reference.
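The pseudonymisation item above, as an added example (not code from the original post or from Bozho's article): PBKDF2 with a secret salt replaces names, emails and addresses before rows are copied to staging. The field names, the sample rows and the `staging.invalid` domain are assumptions made for illustration.

```python
import hashlib

PII_FIELDS = ("name", "email", "address")  # assumed column names
ITERATIONS = 100_000

def pseudonym(field, value, salt):
    """Deterministic salted token: the same input gives the same token,
    so rows that shared a value in production still match in staging."""
    material = f"{field}:{value.strip().lower()}".encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS).hex()[:16]

def pseudonymise_row(row, salt):
    """Return a copy of row with PII fields replaced; other fields untouched."""
    out = dict(row)
    for field in PII_FIELDS:
        if out.get(field) is None:
            continue
        token = pseudonym(field, out[field], salt)
        # Keep emails syntactically valid so staging code paths still work;
        # .invalid is a reserved TLD, so no mail can ever be delivered.
        if field == "email":
            out[field] = f"{token}@staging.invalid"
        else:
            out[field] = f"{field}-{token}"
    return out

def export_for_staging(rows, salt):
    return [pseudonymise_row(r, salt) for r in rows]

# Constructed production-like rows; the second email differs only in case
# and trailing whitespace, and normalisation maps it to the same token.
SAMPLE = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.com",
     "address": "1 Example St", "plan": "pro"},
    {"id": 2, "name": "Bob Example", "email": "Alice@Example.com ",
     "address": None, "plan": "free"},
]

if __name__ == "__main__":
    # The salt is a secret kept outside staging; this value is a placeholder.
    for row in export_for_staging(SAMPLE, b"placeholder-secret-salt"):
        print(row)
```

Pseudonymized data appears in the list of covered data earlier on this page, so the staging copy is still personal data and the salt has to be protected like any other secret.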