Welcome to the World of

GDPR 🎉

“The thrilling adventure where data has rights, and lawyers have fun.”
We’ll explore GDPR and how QFieldCloud’s DPA makes sure your data behaves like a polite Swiss tourist — tidy, on time, and respectful of local laws.

Warm-up: Let’s Talk Data 🤔

Before we dive into GDPR and DPAs, a few quick questions.

What is a data breach? 🕵️‍♂️

  • ❤️ A hacker steals data
  • 👍 My password is on a Post-it stuck to my monitor
  • 🎉 Someone loses a USB stick on the train

What does DPA stand for? 🧩

  • ❤️ Data Protection Alliance
  • 👍 Data Processing Agreement
  • 🎉 Double Pizza Agreement

What do you do when a data breach happens? ⚡

  • ❤️ Report it immediately
  • 👍 Take a deep breath first
  • 🎉 Say nothing, maybe no one will notice

When 💩 Hits the Fan 🤯

  • Data breach is detected
  • Systems might be compromised
  • Customers may be affected
  • Clock starts ticking — GDPR gives you 72h to act

The user perspective 📷

Imagine you upload personal photos for a photo book

  • 🗑️ Concern 1: Data loss → all photos are gone 😱
  • 👀 Concern 2: Unauthorized access → someone sees very personal photos 🙈

What do I want as a user? 🎯

  • 🛡️ Protection against loss and misuse
  • 📍 Information on where my data is stored
  • ✅ Certainty that my data is completely deleted if I request it

What is a DPA? 🤓

A Data Processing Agreement defines

  • 👤 Who can do what with the data
  • ⏳ How long the data is stored
  • 🔄 What happens to the data when the contract ends
  • 🔐 Which security measures are mandatory

Origin of the DPA 📜

The Mailman and the “Postal Secret”

Legal Basis for the DPA? 📜

Based on government regulations

  • 🇪🇺 EU: GDPR
  • 🇨🇭 Switzerland: revDSG (revised Swiss Data Protection Act)
  • 🎯 Goal: unified rules and clear responsibilities

GDPR in One Sentence 📝

Don’t be creepy with people’s data.

Personal Data: It’s Not Just Names 🧑‍💻

Sure, names and emails count.
But so do GPS tracks, selfies, device IDs…
If it can point to you, GDPR wants a word.

Personal vs. Non-Personal Data? 🔍

  • 🌳 Tree height measurements?
  • 📋 Tree height + “collected by Bob”?
  • 🏠 Tree height + “collected by Bob at his house”?

Assume It’s Personal Data Anyway 🫂

It’s safer.
Like always bringing a rain jacket in the Alps — you might not need it, but when you do, you really do.
Our DPA is built on this assumption: we process everything under GDPR-grade protections.

Retention: Not Forever 🕰️

GDPR says: Keep it only as long as needed.
Our DPA says: When the party’s over, we delete your data unless Swiss or EU law says otherwise.
Plus: we certify that deletion to you — pinky swear.

Notification Requirements for Data Breaches 📢

  • 🇪🇺 EU GDPR: Notify supervisory authority within 72h (Art. 33 GDPR)
  • 🇨🇭 Switzerland (revFADP): No fixed limit — report “as soon as possible”
  • 🇺🇸 USA: Depends on state, often 30 days or less
  • 📝 Organization-dependent: Internal policies or DPAs can set shorter deadlines than the law
    💡 Key takeaway: Law = minimum standard, but a DPA or internal policy can require stricter timelines.

OPENGIS.ch / QFieldCloud’s DPA Promise 🤝

  • 🇨🇭 Swiss hosting in ISO 27001 datacenters
  • 🔒 Access is controlled by roles & permissions
  • 🔍 Subprocessors vetted & listed transparently
  • 🗑️ Delete data at contract end
  • 🛠️ Assist with GDPR rights and DPIAs
  • 🚨 Notify you of data breaches within 48h

3 Takeaways 💡

  • 🛡️ We take data protection at QFC very seriously → we can confidently show this to customers, especially for OnPrem requests
  • 👍 React quickly if a breach is found → we have deadlines (48h)
  • 😌 Don’t panic → take a breath, then contact the QFC team

Closing 🚀

GDPR and a DPA are not just paperwork.
They’re our safety net, our customer guarantee, and our trust promise.
With QFieldCloud, you’re on the safe side of data protection.