Recommendation : 1. Reduce the impact of data from its storage and access
Is sensitive data collected ?
Data processing
A People
B Planet
B Prosperity
Difficulty
*
Priority
High
Récurrence
OnUpdate
Tests
How much data is identified as sensitive under the GDPR?
Precisions
The data that users entrust are under your responsibility and users must be kept informed of the care you take to ensure the confidentiality of this data. The GDPR imposes a framework for personal data but does not cover other categories that deserve the same precautions. The processing register, the GDPR PIA must be carried out, updated and validated by the DPO (Data Protection Officer). Data exchanged with other service providers must be subject to a liability analysis. Limiting the collection of sensitive data, beyond respect for the user, also reduces the burden and responsibility of administering this personal data.
Use Case
GDPR compliance documents
Additional elements
Operational issues related to the project
Rule for assessing the level of compliance of the criterion
Number of private data analyzed / Number of private data
Life cycle
Conception
19 other criteria related to the recommendation: Reduce the impact of data from its storage and access
Data
Is the number of requests kept to a minimum (no looping) ?
Data
Is an alternative to SQL queries used when possible (local storage or similar) ?
Data
Do implemented queries use joins rather than multiple queries ?
Data
Can data be backed up incrementally ?
Data
Is the removal of obsolete data being managed ?
Data
Are database indexes consistent with operations ?
Data
Is an alternative to the relational model being considered ?
Data
Is a NoSql solution more efficient than its relational equivalent ?
Data
Have the different data access solutions (queries, triggers, stored procedures) been tested ?
Data
Are EXPLAIN clauses used on "Slow queries" to optimize indexes ?
Data
Are the slow query detection thresholds set effectively ?
Data
Are "live" and "dead" data handled differently (eg: Slow storage for "dead" data) ?
Data
Is frequently accessed data available in RAM ?
Data
Are data replications between multiple Database Engine (Cluster) instances appropriate for sensitivity and availability requirement ?
Data processing
Does the data have an expiration date when it is deleted ?
Data processing
Is the data collected really useful ?
Data processing
Does the API provide limits, filters and the list of fields to return ?
security
Is sensitive user data secure ?
Data processing
Does regulated data (personal, health, financial) comply with the recommendations for structuring these categories of data ?