Hunter Nelson

Post Archives

GDPR Purpose Limitation of PII

GDPR Principles: Purpose Limitation

By Hunter Nelson | October 29, 2018

The GDPR’s purpose limitation principle constrains the use of personal data to the original purposes or to purposes compatible with the original purpose. There are a handful of pre-approved compatible purposes such as archiving purposes in the public interest, scientific and historical purposes, and statistical purposes. Under the GDPR, the burden falls on controllers and processors to document their purposes and the reasoning behind them. These must be documented externally to be transparent to the end user, and internally with regular audits. Care must be taken when deciding that a purpose is compatible with the original. An analysis must be conducted to determine compatibility, and it’s a good idea to document the reasoning behind claiming a purpose is compatible with the original. Make sure to consider linkages to the original purpose and consequences to the end user.

Lawfulness, Fairness, and Transparency

GDPR Principles: Lawfulness, Fairness and Transparency

By Hunter Nelson | October 23, 2018

The first principle of the GDPR, Lawfulness, Fairness and Transparency, focuses mostly on the underlying reasons for collecting and processing personal information and how it will be used. It outlines the need for a lawful basis for processing and discusses the 6 bases for processing that have been identified. The basis of consent is the most recommended basis, and organizations would do well to ensure they establish proper consent collection mechanisms. It ensures that data is collected fairly and that the collection does not present unjust injury to an individual or group of individuals, regardless of how many other individuals are unaffected. It ensures that organizations are being transparent in the way they inform their users about the type of information that is collected and the way it will be processed and used. The responsibility lies with the collecting organization to document compliance with the principles of the GDPR. Establishing a process for documenting a lawful basis for processing, fairness, and transparency in collection will leave organizations prepared for regulatory scrutiny and help avoid lawsuits and fines.

SteadyHOPS in The Cloud

Diving into the Cloud

By Hunter Nelson | October 14, 2018

Before the Cloud: Large capital outlays to begin a digital transformation have historically been a barrier for small and medium-sized businesses to compete with larger corporations. The cost of servers, data center space, and skilled personnel to configure and manage hardware alone can be enough of an expense to pull the plug on a…

SteadyHOPS and the GDPR

By Hunter Nelson | October 14, 2018

The General Data Protection Regulation (GDPR) and Data Protection Act of 2018 (DPA) are complex, in-depth, complementary legal documents which act as a code of conduct for businesses involved in the processing of personal data. Henceforth these regulations will be referred to as the GDPR. There are many aspects of compliance with these regulations, and the best place to keep up to date and understand them is the Information Commissioner’s Office’s (ICO) Guide to General Data Protection Regulation. This article highlights the aspects of compliance that SteadyHOPS provides.

concerns about moving applications to the cloud

Cloud Development, Code Quality, and Cost Savings

By Hunter Nelson | August 26, 2018

Are you considering moving applications to the Cloud and questioning the readiness of your current development staff for such a move?  Well, rightfully so. In the Cloud realm, where everything costs a penny here and a nickel there, organizations are putting a fresh focus on cost.  When you pay for computing resources as you go instead of a flat…