The new European General Data Protection Regulation (GDPR) will start to apply uniformly in all Member States on 25 May 2018. The GDPR is a set of rules designed to protect the personal data of EU residents and to enforce data privacy requirements. It also governs how organizations collect, store and use personal information.
1KA is an open source application that supports and combines all stages of the data collection process through online surveying. In this context, a registered 1KA user who is the author of a particular survey (and of the related data) plays the role of controller, and the 1KA application plays the role of processor.
The Center for Social Information Informatics (Faculty of Social Sciences, University of Ljubljana) is responsible for all 1KA installations located on the centre's servers and for ensuring that these installations comply with the GDPR requirements. The installations are based on the Linux operating system (Red Hat). This includes the main installation www.1ka.si as well as all *.1ka subdomains. In this context, an upgrade has been carried out that provides the following functionalities:
A. Full encryption of MySQL database backups:
Regular backups are encrypted with PGP and transmitted to a data storage system (a QNAP disk server) through a VPN tunnel using an encrypted transfer (secure copy, scp).
Since the SQL database resides on the same virtual server as the web server, and that server's entire file system is encrypted, the database itself is not encrypted a second time. Such additional encryption would also not add security if the web server were compromised, because the web application itself must hold the key needed to read the database.
If the installation runs on a virtual guest within a cluster, as is the case for www.1ka.si, it is necessary to ensure that the hosting provider explicitly and contractually provides an encrypted file system for the virtual server. This prevents access to the data in the event of a compromise (or other form of unauthorized access) of the host of the virtual server or of the server cluster. Likewise, the operator of the host server on which the 1KA installation is located must, on the basis of Article 28, conclude a separate annex with the data processor in which the responsibilities are defined.
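The backup pipeline described under point A, written out as an added example (this is not 1KA's own backup script). It dumps the database straight into gpg so that no plaintext dump is ever written to the local disk, refuses to ship anything that is not a PGP message, copies the result over the VPN with scp and verifies the checksum on the storage server before removing the local copy. The database name, option file, recipient key, storage host and SSH key are all assumptions and must be replaced with the real values.

```shell
#!/bin/sh
# Added example, not 1KA's own script. Assumptions (all hypothetical): MySQL
# credentials live in a root-only option file, the public PGP key of
# backup@example.org has been imported and locally signed in root's keyring
# (so gpg --batch will use it), and the QNAP storage server is reachable
# only through the VPN as backup@10.8.0.10 with a dedicated SSH key.
set -eu

DB_NAME="1ka"
MYSQL_DEFAULTS="/root/.my.cnf"          # holds user/password; mode 0600
GPG_RECIPIENT="backup@example.org"      # hypothetical recipient key
STORAGE_HOST="backup@10.8.0.10"         # hypothetical QNAP host over the VPN
STORAGE_DIR="/share/1ka-backups"
SSH_KEY="/root/.ssh/id_backup"

# Name of the archive for a given date string (YYYYMMDD).
backup_filename() {
    printf '%s-%s.sql.gpg\n' "$DB_NAME" "$1"
}

# True if the file starts with an ASCII-armored PGP message header. Used as
# a last check that plaintext never leaves the server.
is_pgp_armored() {
    read -r first_line < "$1" || return 1
    [ "$first_line" = "-----BEGIN PGP MESSAGE-----" ]
}

# Dump, encrypt and ship in one pipeline; mysqldump writes directly into gpg.
encrypt_and_ship() {
    day=$(date +%Y%m%d)
    out="/var/tmp/$(backup_filename "$day")"
    status=$(mktemp)
    umask 077
    # Without pipefail a failed dump would still yield a valid (empty) PGP
    # file, so mysqldump's exit status is recorded explicitly.
    { mysqldump --defaults-file="$MYSQL_DEFAULTS" --single-transaction "$DB_NAME" \
        || echo "$?" > "$status"; } \
        | gpg --batch --yes --armor --encrypt --recipient "$GPG_RECIPIENT" --output "$out"
    if [ -s "$status" ]; then
        echo "mysqldump failed, nothing shipped" >&2; rm -f "$out" "$status"; exit 1
    fi
    rm -f "$status"
    is_pgp_armored "$out" || { echo "refusing to ship: not a PGP message" >&2; rm -f "$out"; exit 1; }
    scp -i "$SSH_KEY" -o BatchMode=yes "$out" "$STORAGE_HOST:$STORAGE_DIR/"
    # Confirm the copy arrived intact before deleting the local ciphertext.
    local_sum=$(sha256sum "$out" | cut -d' ' -f1)
    remote_sum=$(ssh -i "$SSH_KEY" -o BatchMode=yes "$STORAGE_HOST" \
                 "sha256sum '$STORAGE_DIR/$(basename "$out")'" | cut -d' ' -f1)
    [ "$local_sum" = "$remote_sum" ] || { echo "checksum mismatch after scp" >&2; exit 1; }
    rm -f "$out"
}

# Run the pipeline only when invoked with "run" (e.g. from root's crontab),
# so the helper functions can be sourced and checked without touching
# MySQL or the network.
if [ "${1:-}" = "run" ]; then
    encrypt_and_ship
fi
```

The private key that decrypts these archives should not exist on the web server at all; restoring is done on a separate, trusted machine, which is what makes the encrypted backup worth more than the encrypted file system alone.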
B. Logging with the Linux Audit daemon:
The audit daemon (auditd) for recording system events is installed on the server. It is configured to record the following:
any user login and any increase of user privileges on the system,
all programs run and terminal commands entered by any user (including system users such as web, cron, ...),
access (reading, writing) to all subfolders of the 1KA installation on the file system (the 1KA web root),
access (reading, writing) to the folders on the file system that contain the databases,
in combination with the audit daemon, all SQL queries are recorded in the SQL log files.
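An audit rule set covering the five points above, as an added example; it is not the configuration used on the 1KA servers. The web root (/var/www/1ka) and the MySQL data directory (/var/lib/mysql) are assumptions and must match the real installation. The rules are emitted to stdout first so they can be reviewed, and only written and loaded when the script is run with "install".

```shell
#!/bin/sh
# Added example (not the 1KA operators' rule set). Paths are assumptions.
set -eu

WEB_ROOT="/var/www/1ka"        # hypothetical 1KA web root
DB_DIR="/var/lib/mysql"        # hypothetical MySQL data directory
RULES_FILE="/etc/audit/rules.d/1ka.rules"

# Emit the rule set. The -k keys let ausearch/aureport pull out one class of
# event (e.g. ausearch -k priv_esc) when investigating an incident.
audit_rules() {
    cat <<EOF
## Start from an empty rule set with a larger backlog buffer
-D
-b 8192
## 1. Logins and authentication state
-w /var/log/lastlog -p wa -k logins
-w /var/run/faillock/ -p wa -k logins
-w /var/log/tallylog -p wa -k logins
## 1. Privilege escalation: sudo, su and changes to their configuration
-w /usr/bin/sudo -p x -k priv_esc
-w /usr/bin/su -p x -k priv_esc
-w /etc/sudoers -p wa -k priv_esc
-w /etc/sudoers.d/ -p wa -k priv_esc
## 2. Every program executed by any user, including web, cron and other
##    system accounts (both 64-bit and 32-bit syscall ABIs)
-a always,exit -F arch=b64 -S execve -k exec
-a always,exit -F arch=b32 -S execve -k exec
## 3. Reads, writes and attribute changes anywhere under the 1KA web root.
##    Read watches on a web root are very noisy (every PHP include is an
##    event); size the log shipping and the backlog accordingly.
-w ${WEB_ROOT}/ -p rwa -k 1ka_webroot
## 4. Reads and writes to the database files
-w ${DB_DIR}/ -p rwa -k mysql_data
## Make the rules immutable until the next reboot, so an intruder with root
## cannot silently switch auditing off
-e 2
EOF
}

# 5. MySQL side: the general query log records every statement. It therefore
# contains the personal data in query parameters and must be readable by the
# mysql user only and shipped off-host together with the audit log.
mysql_log_config() {
    cat <<EOF
[mysqld]
general_log = ON
general_log_file = /var/log/mysql/general.log
log_output = FILE
EOF
}

install_rules() {
    audit_rules > "$RULES_FILE"
    chmod 0640 "$RULES_FILE"
    augenrules --load      # merge rules.d/*.rules and load them into the kernel
    auditctl -l            # print the active rules for confirmation
}

if [ "${1:-}" = "install" ]; then
    install_rules
fi
```

Because the last rule (-e 2) locks the configuration, any later change to the rule file takes effect only after a reboot; that is the intended trade-off for log integrity on a server that is itself the subject of the audit.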
The audit log files are secured and encrypted on a secondary server at a different location (VPN, rsync over SSH); the deletion of files or of their contents on the primary server is not propagated to the secondary server.
The log files on the primary server are deleted daily; on the secondary server they are packed daily into encrypted archives and retained for 30 days.
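The shipping and retention scheme from the two paragraphs above, as an added example that is not the 1KA operators' own tooling. On the primary it pushes the audit directory with rsync over SSH, deliberately without --delete and with --backup, so that neither a deleted file nor a truncated one can remove data that already reached the secondary; on the secondary it packs each day into a PGP-encrypted archive and prunes archives after 30 days. The secondary host, directories, SSH key and recipient key are assumptions.

```shell
#!/bin/sh
# Added example (not 1KA's own scripts). Assumptions, all hypothetical: the
# secondary is reachable only over the VPN as logs@10.8.0.20, the primary
# ships into /srv/audit-inbox/<hostname>/ there, previous file versions are
# kept under /srv/audit-history/, and archives are encrypted to the PGP key
# logs-archive@example.org, whose private key is not on the secondary.
set -eu

HOST=$(uname -n)
PRIMARY_LOG_DIR="/var/log/audit"
SSH_KEY="/root/.ssh/id_logs"
SECONDARY="logs@10.8.0.20"
INBOX="/srv/audit-inbox/$HOST"
HISTORY="/srv/audit-history/$HOST"
ARCHIVE_DIR="/srv/audit-archive"
RETENTION_DAYS=30
GPG_RECIPIENT="logs-archive@example.org"

# rsync options for the primary -> secondary push. No --delete, so a file
# removed on the primary survives on the secondary; --backup moves the
# previous version of any changed or truncated file into a time-stamped
# history directory instead of overwriting it, so shrunken contents survive.
rsync_args() {
    printf '%s ' -a --backup "--backup-dir=$HISTORY/$(date +%Y%m%dT%H%M%S)"
}

# Primary side: push the audit directory (the arguments contain no spaces,
# so the unquoted expansion is safe here).
ship_logs() {
    rsync $(rsync_args) -e "ssh -i $SSH_KEY -o BatchMode=yes" \
        "$PRIMARY_LOG_DIR/" "$SECONDARY:$INBOX/"
}

# Primary side, only after a successful ship: drop rotated logs older than a
# day. The live audit.log is left to auditd's own rotation.
purge_shipped() {
    find "$PRIMARY_LOG_DIR" -name 'audit.log.[0-9]*' -type f -mtime +0 -delete
}

# Name of the daily archive for a host and a date string (YYYYMMDD).
archive_name() {
    printf '%s-audit-%s.tar.gpg\n' "$1" "$2"
}

# Secondary side: pack the inbox and its history into one encrypted archive,
# which then serves as that day's authoritative copy of the logs.
archive_day() {
    out="$ARCHIVE_DIR/$(archive_name "$HOST" "$(date +%Y%m%d)")"
    umask 077
    tar -cf - -C / "${INBOX#/}" "${HISTORY#/}" \
        | gpg --batch --yes --encrypt --recipient "$GPG_RECIPIENT" --output "$out"
}

# Secondary side: enforce the retention period on the encrypted archives.
prune_archives() {
    find "$ARCHIVE_DIR" -name '*.tar.gpg' -type f -mtime +"$RETENTION_DAYS" -delete
}

case "${1:-}" in
    ship)    ship_logs && purge_shipped ;;   # primary, several times a day
    archive) archive_day ;;                  # secondary, once a day
    prune)   prune_archives ;;               # secondary, once a day
esac
```

The SSH key used for shipping should be bound on the secondary to a forced rsync command (an authorized_keys command= restriction) so that a compromised primary can add log data but not log in interactively or read the archives.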
C. In addition, 1KA implements the following measures to ensure GDPR compliance:
1. For backups (backup copies) of data, we follow the generally established practice that the erasure of personal data (right to erasure, Article 17) does not have to be carried out in every backup. When an individual requests the erasure of personal or survey data, the deletion is therefore made only in the primary source. For the backups, a log of such deletions is kept so that they can be re-applied if a backup is later restored. Deletion in backup copies is thus carried out only when a specific backup is restored: the person responsible for the survey in question must then re-perform the deletion in the restored copy.
2. At the user interface level, the author of the survey (controller) has several functionalities that support the execution of surveys in accordance with the GDPR.
a. An overview of all surveys (viewing interface) of a particular author, in which the author can mark which surveys are subject to the GDPR. In the first phase, the 1KA tool automatically identifies surveys that can potentially contain personal information, taking into account the names of the variables (e.g. email, name, surname) and possibly the use of the 1KA email system.
b. An interface for entering general information that applies to all of the user's surveys. This includes in particular who the data protection officer (DPO) in the organization is, how the data are processed (use, analysis, publication, archiving), the procedure for handling deletion requests, contact information, etc. This information is available to (potential) respondents in all surveys of a particular author.
c. For each author, an interface is available for viewing and managing the deletion requests submitted by respondents across all of their surveys.
d. In addition to the above functionalities, which concern the general handling of GDPR aspects for all surveys for which the controller is responsible, the following functionalities are available at the level of each individual survey that collects personal data and must comply with the GDPR requirements:
i. An interface for entering and modifying additional information for a specific GDPR-relevant survey. For each such survey, the author may state whether the survey contains personal data, describe that personal data, indicate the manner and purpose of the data processing, and specify when certain personal data (e.g. email) will be (automatically) deleted.
ii. For a GDPR-relevant survey, the author is offered a standard template for informing respondents, who are automatically shown a special intermediate page that informs them about the GDPR. This intermediate page also includes a consent statement through which the respondent explicitly confirms agreement with the data collection. Without this explicit consent, the respondent cannot continue answering the questionnaire.
3. For respondents, the following templates are prepared, which the author of the survey can further adjust:
a. The respondent information form, shown to the respondent before the survey is completed, applies to surveys that are subject to the GDPR (see 2/d/ii). If the survey does not collect any GDPR-related personal data, only a general notice to the respondent on the privacy of the data collection is added.
b. A general form was created on the 1KA website for requesting the deletion of personal and/or other survey data collected through surveys created with the 1KA tool. The completed form is forwarded to the editor or controller, who is then responsible for carrying out the deletion. Automatic monitoring, reminders, warnings and confirmations are provided by the 1KA system.
4. The 1KA email system for sending survey invitations has been updated so that a given email address (and the related survey data) can easily be deleted in accordance with the GDPR. Personal data (e.g. the email addresses used for survey invitations) and the 1KA questionnaire data are kept strictly separate at the technical level and cannot be linked by the survey author (supervisor).
5. The 1KA tool tracks and documents all changes to survey data (as well as changes to the questionnaire). This also applies to every access to the data by the editor, manager or administrator of a particular survey. This documentation is fully available in the 1KA archive, which can be reached from all other navigation levels when working with a particular survey.
6. In accordance with Article 28 of the GDPR, 1KA (Akson d.o.o.), which hosts and maintains the web server on which the basic installation of www.1ka.si runs in the cloud, has concluded an appropriate annex to the contract.
If the 1KA tool is installed on the user's own server (e.g. that of the organization or of the survey's author), the controller is also responsible for points (A) and (B) described above. An installation on the Linux operating system can, of course, reuse the solutions developed under points (A) and (B). If the user engages a further agent or processor, for example cloud services, the user / survey author should also formalize this responsibly with those other processors (see point 6).