Compliance Self Assessment Test | Chino.io

Compliance Self-Assessment

Check your privacy requirements based on the data you are collecting

Do you collect any data about your users?

Do you store data on your servers or in cloud?

Do you collect anonymous data?

What data are you collecting?

OK!

It looks like you are safe

If you don't collect users' data then data protection laws do not apply to your business.

However, if you still manage confidential data (project files, 3D models, etc.), Chino.io can provide you with a secure and reliable storage/backend service.

BE CAREFUL

Anonymous data

Sometimes it is very difficult to ensure data anonymity. For example, check these two cases:

The EU Commission's advisory body (the Article 29 Working Party) suggests protecting anonymous data as well and treating it as personal data. Ensuring non-linkability and avoiding re-identification is challenging and needs to be re-checked over time, since technology and the availability of datasets are evolving rapidly.

For more info, check the Article 29 Working Party Opinion 02/2013 on apps on smart devices.

In case you are managing sensitive data, check how

BE CAREFUL

Storing data locally

Storing data on devices or in local memory simplifies your privacy-related requirements. For example, there is usually no need to notify the Data Protection Authority about the processing. For more info, check the Article 29 Working Party Opinion 02/2013 on apps on smart devices.

However, according to the above Opinion, this practice is not generally considered good security practice, since it is difficult to erase data from a device once it has been stolen or lost. In addition, you must ensure that data on the device is encrypted.

Instead, saving data server-side increases your privacy-related requirements, but it also increases data security in case of device malfunction, accidents, loss or theft.

For more info on how to transfer and store data securely on server-side

BE CAREFUL

Personal data

You are managing personal data, and according to EU privacy laws you must meet specific requirements to inform users and protect their data.

From an administrative point of view, these include:

  • Collect users' consent for data processing
  • Define a Privacy Policy and display it properly on your website or app
  • Process data lawfully

From a technical point of view, you must:

  • Ensure access control
  • Store data in a safe place
  • Provide other safeguards to protect data

For more info, check these sources:

If you think you need more security protection, check how

ATTENTION!

Sensitive data

You are collecting and managing a special category of personal data called "sensitive data".

According to current EU and Member States' privacy laws, managing sensitive data imposes special security requirements from both the administrative and the technical point of view.

to securely store and manage your data

ATTENTION!

Pseudonymous data

When sensitive data is stored without also storing personally identifiable information, such data can be considered pseudonymised.

Although pseudonymous data does not directly reveal the identity of data subjects, it can be combined with other external information to reveal people's identities. For example, check these two cases that led to big privacy scandals:

Therefore, even though pseudonymisation is considered good security practice, it is very challenging to implement properly, and the data is still considered personal and must be protected according to EU laws.


ATTENTION!

Potentially sensitive

According to the current EU Data Protection Directives, if you collect data that could disclose users' health status, then this data is considered privacy sensitive and you must apply additional security safeguards.

To start verifying whether the data you are collecting is sensitive or not, please check our blog post on this topic.
