DEV Community: robertosullivan

The Best Ways of Staying GDPR Compliant

robertosullivan — Fri, 08 May 2020 06:44:50 +0000

In the digital age, compliance is a responsibility that cannot be avoided. With the introduction of new data laws, businesses of all sizes need to ensure that they are operating within the constraints of various sets of regulations. Data privacy laws have been enacted over the last three decades to protect the rights of individual consumers, and every global region is under the jurisdiction of at least one set of regulations.

Data laws generally give guidelines on the collection, storage and processing of personal data, and each set of regulations varies in terms of how strict or thorough they are. Companies that are engaging customers in one country may be subject to the laws of that country, even when the company is not based there.

What is the GDPR?

The General Data Privacy Regulation (GDPR) is the set of data privacy regulations that applies to countries within the European Union. It became enforceable in 2018, and also applies to the United Kingdom after leaving the EU. The laws give each member state the freedom to develop their own additional data regulations within that country.

The GDPR has the highest standard of data protection in the world, and it is the most far reaching and strictly enforced. The GDPR laws apply to all businesses with customers that are EU citizens.

The GDPR can levy fines that are as high as €20 million, or four percent of the organisation’s annual revenues. Fines can be incurred by failing to meet standards, report data breaches or reporting them too late. In 2019, British Airways was fined €204,600,000 after poor cybersecurity levels caused a data breach of 500,000 customer records.

How to stay compliant

With such severe penalties, any organisation that deals in personal data should be careful to meet GDPR compliance, regardless of where they are based. Here are some recommendations for staying on the right side of the GDPR:

Follow the GDPR concepts and articles

As information is processed in most stages of business operations, the GDPR impacts the majority of business processes, so familiarisation with the fundamentals should be a priority. Key terms used in the regulations are: data subject, data controller, personal data and data processor.

GDPR Article 5 relates to the principles of processing personal data, and article 6 relates to the lawful bases of this processing. Articles 12 to 22 relate to data subject rights, while Articles 25 and 32 relate to the measures organisations should have in place to protect personal data.

Hire a GDPR consultant

If your firm doesn’t have the necessary resources to devise effective GDPR strategies, expert consultation could be the best place to start. This can ensure that processes are altered accordingly and compliance is achieved.

It is also a good idea to designate a GDPR specialist within the organisation. This could be someone in the IT or HR department who will be responsible for making sure compliance is achieved.

Carry out a data Audit

GDPR requires businesses to carefully organise all of their personal data. This means knowing exactly where it is stored – on servers, applications, the cloud, mobile devices or emails. There must be a legal reason for storing and processing all personal data, and individuals have the right to access, delete and be informed of all uses of their data.

The next stage will be data mapping, in which the flow of data is mapped so that areas of potential GDPR compliance difficulty can be identified.

Give employee training

As the GDPR represents a considerable business change project, employees should understand the importance of data privacy. Staff also need to be trained in GDPR principles, and the new procedures that will be implemented as a result of the regulations.

Update your privacy policy

It is essential to make the necessary changes to your privacy policy concerning your use of data. This is the place that organisations can show they are aligned with GDPR regulations, and it could also contain evidence of your failure to meet them.

The privacy policy must communicate to data subjects the legal reasons for processing their data, how it will be used, how long it will be kept for, how they can complain if they need to, and all of their GDPR rights relating to the data. The language used must be clear and easy to understand.

Adjust your website

There are some changes to websites that may be necessary under the GDPR, most of which relate to forms and cookie consent.

As forms are used for gathering information, these will probably all need to be adjusted. There is no one way of doing this, and in many cases the service provider will have the best solution.
Where cookies or trackers are used, data subjects need to be informed. Consent for the cookies need to be obtained first, which can also be gained through a variety of methods.

The GDPR represents a considerable change for businesses that process customer data, and it is much more far reaching than just Europe. It may seem like a headache for small businesses and entrepreneurs, but it can also be the chance to develop more organised and efficient processes in a time when data is everything.

Key Cloud Migration Considerations

robertosullivan — Sat, 02 May 2020 02:27:06 +0000

The world is gradually moving in the direction of the cloud. This process is not even happening slowly, and the cloud industry is rapidly expanding. Gartner forecasts a 17 percent growth of the global public cloud services market, to reach revenues of $266.4 billion in 2020. This technology that we have gradually taken for granted represents a major shift in business processes and strategies.

Here are some of the things to be considered in making that migration:

Public, private or hybrid?

This is a big question, as cloud computing models are typically divided into these categories.

Public cloud services are operated and owned by a third-party service provider and they are usually lower in price. The services are delivered over the internet, they are reliable and do not require maintenance.

Private cloud solutions are dedicated to a particular organisation and they are not shared. They offer more efficiency, scalability and flexibility.

Bespoke or ready made?

When choosing cloud-based software solutions, enterprises frequently need to choose between bespoke or off-the-shelf software. In a similar way that public and private cloud models can be more general or specific to meet the needs of the individual business, cloud software solutions can also be universal or custom designed.

Bespoke, custom or tailor-made software is built around the particular needs of a business. This is usually more expensive and will take longer to develop, but it is more agile and easier to maintain.

What to migrate?

Without a doubt, migrating to cloud is an undertaking that calls for a great deal of clear and coherent planning. This may involve planning for both the applications that are to be migrated, and the order in which they will be migrated.

Interoperability with other cloud-based applications could be required, as well as development changes that will allow apps to operate in a cloud environment.

Data may need to be migrated for some apps. This data should be organised and cleaned, which can help to improve the performance of an app.

Is it secure?

All organisations should implement clear and well-defined security policies regarding the security of cloud applications. This is to ensure that security is kept to a required level. For certain areas this can be more relaxed, where responsibility can be ceded to the cloud service provider.

Physical or virtual appliances can also be integrated that improve the cloud infrastructure or help in meeting compliance.

Whether it is native or third-party security providers, solutions should always be in place to protect data after it is migrated. It is also a good idea to use encryption, such as MFA.

How to test?

Once applications and data have been migrated to cloud, the migration needs to be validated and the applications tested.

This means developing a test plan that includes: access, permissions, integrations, performance testing and application capabilities testing. Testing is an essential part of any migration plan, and must not be overlooked.

While some resistance to cloud technologies remains, the movement towards a cloud-based future is inevitable. Provided that every cloud migration is carried out with careful planning and expert advice, success will surely prevail.

Key Cloud Migration Considerations

robertosullivan — Sat, 02 May 2020 02:21:59 +0000

Here are some of the things to be considered in making that migration:
Public, private or hybrid?
This is a big question, as cloud computing models are typically divided into these categories.

Private cloud solutions are dedicated to a particular organisation and they are not shared. They offer more efficiency, scalability and flexibility.

Hybrid cloud is a use of both of the two models, such as applying private cloud to more sensitive data and processes, and using the public cloud for higher volume and lower security needs. This approach may offer more control, flexibility and cost effectiveness.

Bespoke or ready made?
When choosing cloud-based software solutions, enterprises frequently need to choose between bespoke or off-the-shelf software. In a similar way that public and private cloud models can be more general or specific to meet the needs of the individual business, cloud software solutions can also be universal or custom designed.

Off-the-shelf software is developed for a wider market of users. It is available immediately and at a lower cost, and it has more options in community support. However it may not address all of your business needs, and it will also have some features and functionality that will be left unused.
What to migrate?
Without a doubt, migrating to cloud is an undertaking that calls for a great deal of clear and coherent planning. This may involve planning for both the applications that are to be migrated, and the order in which they will be migrated.

Interoperability with other cloud-based applications could be required, as well as development changes that will allow apps to operate in a cloud environment.

Data may need to be migrated for some apps. This data should be organised and cleaned, which can help to improve the performance of an app.
Is it secure?
All organisations should implement clear and well-defined security policies regarding the security of cloud applications. This is to ensure that security is kept to a required level. For certain areas this can be more relaxed, where responsibility can be ceded to the cloud service provider.

Physical or virtual appliances can also be integrated that improve the cloud infrastructure or help in meeting compliance.

Whether it is native or third-party security providers, solutions should always be in place to protect data after it is migrated. It is also a good idea to use encryption, such as MFA.
How to test?
Once applications and data have been migrated to cloud, the migration needs to be validated and the applications tested.

What are the Most Accessible MVC Frameworks for Beginners?

robertosullivan — Thu, 26 Mar 2020 01:12:34 +0000

If you can write code directly in Java, PHP or Ruby, then that’s great. I’m happy for you. But many of us aren’t at that stage yet, and perhaps will never be. So, what we really need is a software design pattern that can make things just that little bit easier.

This is where the MVC framework comes in. This gives the design of web apps a structure, and separates things out into:

MODEL – the data centre that receives instructions from the controller
VIEW – the visual side of your app, so how it appears in the browser
CONTROLLER – the control system that is between the client side and the model objects

When it comes to these frameworks, there are more than a few to choose from. Some are definitely more tricky to contend with, so here’s my breakdown of the ones that keep things simple.

One great thing about cloud-based development frameworks is that they can offer a high level of security, which is also beneficial for cloud-based data.

Ruby-on-Rails

The great thing about Rails is that it does everything that is needed to create a web app, in a simple and easy way. There is an excellent official library that makes clear how to build your own web app, and a great deal of online resources, tools and communities that mean the beginner can learn everything at home. And as programming goes, it really is simple! It's a secure, cloud-based solution with a clear syntax and a pragmatic WYSIWYG approach. Rails is the perfect starting point for the coding newbie.

Laravel

This is a PHP framework that is aimed at making web development more fun for the kids. And also for the grown up kids like myself. It does this by making the complicated tasks, such as routing, caching and authentication, more straightforward. And it manages this without losing functionality. It also has some attractive templates, simple syntax, good tutorials and a wide community to draw from.

AngularJS

This is an open-source, front-end JavaScript framework. It’s most often used for developing SPAs (that’s single-page web applications – not the place you go for beauty treatment). This means you’re actually writing the web pages in the browser, rather than the browser opening up a new page that’s already been written. Which is quite refreshing to those of us who are more used to dealing with front-end script in a code editor.

AngularJS has JSON-based processing that makes it easier to work with dynamic rendering, and it is best for front-end development. Though it’s easy at first, AngularJS may take a bit of JavaScript knowledge to truly understand.

Django

Python is currently top of the charts in terms of trending programming languages, so learning a solid framework based on Python couldn’t be such a bad idea. Django is also one of the most popular Python frameworks. It is flexible, scalable and can be used for more basic projects just as easily as it can work for the big time. Django goes easy on the beginner, but it still needs some time to be put into learning. It works on the principle, ‘don’t repeat yourself’, and most of the time it’s fast and simple.

Spring

Not a big name framework, but for those with an interest in Java, this deserves a look. Java is still in the top three programming languages, so having some knowledge of a Java framework under your belt could be useful. Spring is currently gaining popularity in back-end development, especially for working on J2EE apps, and is used by TicketMaster and Wix. It’s a good one for the beginner because it’s relatively easy to learn and has a great ecosystem and online resources.

React

Another one for the JavaScript addicts, it is not technically a framework but a JavaScript library that’s used to create user interfaces. Similar to AngularJS, it is also an SPA and only deals with sending data from the client side to the back end, so extra libraries need to be added for routing and GUI controls to create a web app. React is efficient and flexible, and it helps in the learning of Vanilla JavaScript – that’s plain old JavaScript before any framework gets to it.

ASP.NET

ASP.NET from Microsoft concentrates on the server side, and can be used to build dynamic web pages and applications. It has a great way of keeping dynamic apps simple, and minimising the amount of code needed. This is another framework that is quite easy to learn for the beginner, though it does help with a little knowledge of the C# language.

Well, I’ll be honest – it’s never gonna be easy all of the time. There will always be moments of pulling your hair out and waving your hands around frantically, but that’s just coding. As long as you pace yourself and look to your resources and community for help, anything is possible. And yes, sometimes it does take time so take that into consideration. But where there’s a will… you know the rest ;-)