RejectedSoftware Forums

GDPR and http://code.dlang.org

Might there be a problem with not using https for the site in regard to the GDPR (May 2018!)?

Since there's data stored (username, e-mail, password) and transmitted unencrypted?!

Re: GDPR and http://code.dlang.org

On 06.03.2018 at 16:19, Timoses wrote:

Might there be a problem with not using https for the site in regard to the GDPR (May 2018!)?

Since there's data stored (username, e-mail, password) and transmitted unencrypted?!

Not sure about what actually applies, since this is non-commercial, but
I've switched to HTTPS-only now to get a feeling for the performance and
stability/connectivity implications.

Storing the login related data should hopefully still be allowed without
explicit consent of the user, even if the commercial rules apply, since
they are required for the basic operation of the site. We may still
require a proper privacy statement, though...

Re: GDPR and http://code.dlang.org

On 2018-03-07 16:34, Sönke Ludwig wrote:

Not sure about what actually applies, since this is non-commercial, but
I've switched to HTTPS-only now to get a feeling for the performance and
stability/connectivity implications.

Storing the login related data should hopefully still be allowed without
explicit consent of the user, even if the commercial rules apply, since
they are required for the basic operation of the site. We may still
require a proper privacy statement, though...

  • You should only request data from the user that is actually required
    for the functionality
  • You need to provide a way for the user to remove all data stored
    related to the user

And a whole bunch of other things I can't remember right now.

/Jacob Carlborg