Privacy laws

> Hi Harry, Pierre,
>
> About privacy laws, it depends if the data in ofbiz is stored on a hosting
> server in Europe or in the United States for example. If the data is stored
> in Europe, the privacy law of Europe is there.
>
> Eric
>
> Olagos bvba
> Heidi Dehaes
> Kerkstraat 34
> 2570 Duffel
> Belgium
> Tel. :     015/31 53 04
> GSM :    0485/22 35 80
> E-mail : [hidden email]
> http://www.olagos.eu
> http://www.olagos.com
> http://www.olagos.be
> http://www.olagos.nl
>
>
>
> 2017-11-20 13:22 GMT+01:00 harry mead <[hidden email]>:
>
> > Hi everyone,
> >
> > Does anyone know the privacy laws (im based in the UK) regarding the
> > personal information that is handled and stored on apache ofbiz, and if
> so
> > the best way to go about it.
> >
> > Thanks in advance
> >
> > Sent from my iPhone
>

> HI Pierre,
>
>
> Thanks for the quick response,
>
>
> Yes this is in relation to GDPR compliance.
>
>
> Currently it is going to all be based in the UK, then expanded.
>
> is all the data automatically encrypted on Apache ofBiz, or is there a
> process to ensure that we have fulfilled all of the GDPR requirements and
> the law.
>
>
> Many thanks,
>
>
> Harry
>
> ________________________________
> From: Pierre Smits <[hidden email]>
> Sent: 20 November 2017 12:57
> To: [hidden email]
> Subject: Re: Privacy laws
>
> Hi Harry,
>
> As far as I can tell, we don't have any information on hand regarding the
> applicable laws that are applied to personal information stored in OFBiz.
>
> Are you questioning this in relation to GDPR compliance?
>
> Best regards,
>
> Pierre Smits
>
> ORRTIZ.COM <http://www.orrtiz.com>
> OFBiz based solutions & services
>
> OEM - The OFBiz Extensions Marketplace1
> http://oem.ofbizci.net/oci-2/
> Promotions: OEM Store<http://oem.ofbizci.net/oci-2/>
> oem.ofbizci.net
> This site has been created by Pierre Smits, an Apache OFBiz Contributor.
> Apache, the Apache feather logo, Apache OFBiz, OFBiz and the Apache OFBiz
> logo are ...
>
>
>
> 1 not affiliated to (and not endorsed by) the OFBiz project
>
> On Mon, Nov 20, 2017 at 1:22 PM, harry mead <[hidden email]>
> wrote:
>
> > Hi everyone,
> >
> > Does anyone know the privacy laws (im based in the UK) regarding the
> > personal information that is handled and stored on apache ofbiz, and if
> so
> > the best way to go about it.
> >
> > Thanks in advance
> >
> > Sent from my iPhone
>

> Hi Harry,
>
> On 21 November 2017 at 01:51, harry mead <[hidden email]> wrote:
>
>
>> is all the data automatically encrypted on Apache ofBiz, or is there a
>> process to ensure that we have fulfilled all of the GDPR requirements and
>> the law.
>>
> "automatically encrypted" applies to several different facets of an
> application. For example, you would use TLS to encrypt data in transit from
> a browser.
>
> One security risk is that someone with basic file read permissions can dump
> the contents of a data file used by a DBMS with software other than the
> DBMS, and extract sensitive information like credit card numbers. Some
> databases have the option of transparently encrypting all data "at rest",
> sometimes known as Transparent Data Encryption (TDE), which eliminates that
> risk. It's "transparent" in the sense that the data is encrypted while at
> rest in a data file, without you doing anything different in your
> application or your queries. TDE will add some processing overhead and will
> mean your data does not compress well.
>
> MariaDB can do this (
> https://mariadb.com/kb/en/library/data-at-rest-encryption/), as can Oracle
> and Microsoft SQL Server. I'm no Postgres expert, but from what I've seen I
> think you need to call encryption functions as you store data, so it's not
> transparent.
>
> Cheers
>
> Paul Foxworthy
>