GDPR, Miming passwords and laws in Denmark

GDPR

There’s a new-ish law in Denmark and the rest of the EU: GDPR (General Data Protection Regulation). It contains requirements for how companies are to protect and process personal data.

Among other things, companies have to formally describe how they take care of personal data before they start working with that data. Subsequently, they must also ensure that they follow their own processes in practice.

Some companies take it very seriously. Maybe a little too seriously. That led to some rather interesting rules in a project where I worked with personal data – as testers often do.

Our test customers were copies of production data. That means that I worked with real people’s very real social security numbers.

One day, one of my team members wanted me to go through a flow with a specific customer. The problem was that we didn’t know how I could get the customer’s social security number from her.

1. She wasn’t allowed to send me the number over email.

2. She couldn’t print it or write it down, since papers with personal information weren’t allowed on our desks. I would also not be able to store the piece of paper somewhere, because I as a consultant wasn’t allowed to have a cabinet or other kinds of furniture.

3. She couldn’t say it out loud since we were sitting in an open office.

We ended up with a very elegant solution.

She sent me the numbers in an encrypted Excel file. She then proceeded to mime the encryption key for me (and the rest of the project group).

From this experience I learned that it takes a long time to decode mimed passwords that are made up of random letters and numbers.

I also learned that holding up one finger can mean a lot of other things than simply the number “1”.
