GDPR... what are you going to do?

Forums › IT Pro and developers › GDPR... what are you going to do?

1 | 2 | 3 | 4

nunz

1421 posts

Uber Geek
Inactive user

#2026268 31-May-2018 14:13

Behodar:

raytaylor: If the website provider says "we had a hacker or someone sharing music that came in from 100.101.102.103:14291" we can instantly say well thats customer ip address 100.101.102.103 - john doe from york street.

As an ISP you can do that, but I was using the perspective of a site owner. If I understand correctly, the only information I can get out of a CG-NAT IP address is the ISP that it's allocated to. Without actually contacting the ISP (which would presumably involve its own privacy policy etc) I can't get any end-user details out of a CG-NAT IP address. Please do correct me if I'm wrong!

Many businesses and other organisations have fixed IP addresses. Doing reverse ip lookups, dns lookups and traceroutes returns a lot of information about who is at the other end. end users leave traces too which can be tracked. We got one guy who was attacking a business with DOS type spam attacks via his ip address as we then linked it to a post made in an online chat / BBS which had enough information to tie two data sets together. We contacted his isp - who told us he wasn't with them as they had banned him, then had to retract and recorrect as he was back online with them.

On its own an ip address doesn't tell much but if you add enough information from other sources it starts to add up - sometimes. Jo average home user not so much - unless they have kids playing online games and then the wealth of possible material increases. Clients daughter getting some pretty nasty bullying anonymously online. We could trace an ip address but no idea who it was - until we sent an email to a likely source, with return receipt attached, and when it came back to us was could link the two - and deal with the parents and principle to get things stopped.

Generally dealing with a problem from a person you have to talk to the isp who owns the block and trust they will do their job. They wont however confirm if there is a person or what they do - seems to be a breach of privacy.

nunz

1421 posts

Uber Geek
Inactive user

#2026275 31-May-2018 14:21

gnfb:

I just went to a service called Docular after downloading there a plugin for Wordpress that suggested they would provide the means free of charge to create a relevant privacy policy for ones website, to make it GDPR compliant.

All is true BUT when you get to the interactive template you are presented with a myriad of options, choices, selections etc.

I estimate it would take a month of Sundays to figure it out and find out what xyz means and what you put where etc.

Forget it! I am sure the academics and professionals will salivate at all the work. Meanwhile, Joe Bloggs doesn't stand a chance!

So

If whoever is running this show over in the EU decides that they are going come down on that little Wordpress site, in little old kiwi land, apparently you get a few chances to fix it before they hit you with big fines.

I'm thinking if that is the case lets wait till they bark before I jump?

Just a side thought I wonder if its possible to somehow ban block etc the eu from the site and if one did that would that be a avoiding the need to comply with all this BS , sorry consumer and individual protection.?

Ok have at me.

Yes you can. There are databases of ip blocks tied to country codes, isps etc. Also there are tools that will track an ip address, check the route it took and then report back likely location based on routing via major international gateways. If someone is connecting to you and you don't know where they are from checking the path back useually leads to international gateways and those are a much smaller dataset to work with.

https://wordpress.org/plugins/ip-geo-block/

https://wordpress.org/plugins/iq-block-country/

https://www.sourcewp.com/best-wordpress-plugin-to-block-countries/

also Antispam Bee Plugin

You can also kill connections using .htaccess and country codes e.g. block .cn to block china.

Lastly - tool here to produce routing tables etc - to block traffic from certain countries. https://www.ip2location.com/blockvisitorsbycountry.aspx

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2026350 31-May-2018 16:15

Folks, this has gone completely off topic. Back to GDPR.

premiumtouring

355 posts

Ultimate Geek

#2039653 18-Jun-2018 13:07

http://www.gitlab.com

GitLab's Cookie Management interface is very cool!

MikeAqua

7773 posts

Uber Geek

#2039698 18-Jun-2018 13:31

Nothing. Our clients and providers are wholly within NZ.

I can't see how we would infringe and if we do the EU has no jurisdiction.

Mike

outdoorsnz

674 posts

Ultimate Geek

#2039891 18-Jun-2018 16:29

Question I have on GDPR. I'm a website developer and maintain a website for a client. Advise client they need to add a privacy policy etc. Now if they do nothing, and the EU decided to fine. Who is liable?

nunz

1421 posts

Uber Geek
Inactive user

#2040031 18-Jun-2018 20:59

outdoorsnz:

Question I have on GDPR. I'm a website developer and maintain a website for a client. Advise client they need to add a privacy policy etc. Now if they do nothing, and the EU decided to fine. Who is liable?

Your client unless you contracted to add a gdpr policy and didn't do what you were contracted to do. Once the site is created - its all on them other than what you contract to do.

A good overview of what is required to be compliant is found here : https://www.hallaminternet.com/how-to-make-your-website-gdpr-compliant/

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.