IT-Security: The Legal Stuff

These are just some notes I took. I have no idea, please leave me alone.

You are not allowed to collect any data relating to a specific person unless the person explicitly consents.

If you collect personal data you have to adhear to the following 10 specifications:

Note: Some of these seem like duplicates and are super weirdly phrased. I think this is due to legal jargon that has some reason or another.

• Access Control: Access to data processing facilities used to process personal data must be denied to unauthorized persons.
• Storage Medium Control: Prevent reading, copying, modifying, and the removal of storage mediums.
• Storage Control: Preventing unauthorized input, access, modification, or deletion of stored personal data.
• User Control Preventing the use of data transmission equipment by unauthorized persons.
• Access Control 2 electric boogalo: Users may only access data in accordance with their access permissions.
• Transmission Control: Determining whether and to which entities personal data may be transmitted.
• Input Control: It must be possible to determine what data is entered into the data processing system, when, and by whom.
• Organizational Control: Organize the responsible body in a manner that ensures compliance with data protection requirements.

Any user has the right to get information about the data you are storing, request the correction of faulty data, request the deletion or blockage of said data, object to the collection of personal information, and may be liable for the compensation of any damages.