Following European Data Laws in a Rails Heroku Site

Hello!

Does anyone have any experience in ensuring that a site adheres to the European Data Protection Laws?

I am about to start development on a new Rails site in which I need to store users’ social security numbers, along with other potentially sensitive data.

All I really know how to do is host a database on a service like Heroku, and protect from SQL injection.

The client I am building the site for is rightfully conscious about the safety of their data, and I want to be able to build the project in good conscience knowing that the data is safe and I am properly following the law of course.

Hope someone can help! Let me know if I can clarify in any way.

Can’t offer specifics around your implementation, because in all honesty I think the best response to this is “you might want to discuss it with a lawyer”, but you might find some of the resources from the Irish Data Protection Commission helpful as a starting point. You may want to specifically check the law for the country where the client is based/will be operating, as there may be some differences - for example, I believe that the latest data protection legislation in Switzerland incorporates the GDPR into Swiss law but goes over and above GDPR’s requirements in some areas.

Anyway…

There could be other requirements as well depending on the venue, of course, but that’s what lawyers are for. They provide legal advice, and this post is not legal advice. :slight_smile:
