OK, so earlier today I went to the Azure Meetup in Hamburg. Today’s talks were about what’s possible with chatbots using Azure and about the security/privacy changes in the European Union and Germany after May 25th, 2018.
For an easy guide to the process of Security & Compliance, @endjin have created a free poster https://t.co/scjZHBgUGj #azure #cloud pic.twitter.com/TjPoWKtc1O
— Azure Weekly (@azureweekly) June 20, 2017
The first talk presented some of the possibilities you have when using the BotFramework, as released by Microsoft last September. Thomas explained how you need to design your bot, introduced some basic functionality and gave a demo of how you can embed your own bot in Skype and chat with it.
The other talk was about data privacy. As some of you may already know, there will be some basic changes in European law to protect personal data. The Directive already entered into force on 5 May 2016 and all EU Member States have to transpose it into their national law by 6 May 2018. So Sophie and Björn gave a great talk about the differences between the current, old data privacy law and what is updated and new after next May. One thing struck me about the General Data Protection Regulation change; the first one is about the so-called “Article 29 Working Party”. What I understood from the talk is that the current regulation in this section is not yet clarified. OK, there are some rules written into the law, but on the other hand there is only little guidance on how to apply that section in a lawsuit.
The other thing that matters to me, as I’m working for a service provider, is this:
Each processor and, where applicable, the processor’s representative shall maintain a record of all categories of processing activities carried out on behalf of a controller, containing:
(a) the name and contact details of the processor or processors and of each controller on behalf of which the processor is acting, and, where applicable, of the controller’s or the processor’s representative, and the data protection officer;
(b) the categories of processing carried out on behalf of each controller;
(c) where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of appropriate safeguards;
(d) where possible, a general description of the technical and organisational security measures referred to in Article 32(1)
A similar requirement has already been there on the requester’s side, but it’s very new for a processor that they must do all that recording. I’m very excited to see what the outcome of that will be in the first lawsuits.
Phew, all these law changes sound really weird to me if you also know that they shall make such penalties effective, proportionate and dissuasive. I think there will be some calls to order by some advocates next summer to get the most out of that.