Refactor: Series A clean structure
37
docs/GDPR_Data_Compliance.md
Normal file
@@ -0,0 +1,37 @@
# GDPR & Data Compliance
Version: v0.6.0 Beta\
Date: 2026-02-20
## Data Types (Typical)
- Transaction data (items, totals, payment method)
- KlubKort account identifiers (card/searchkey) and balance
- Operational logs (system / print agent)
## Processing Purpose
- Completing sales and producing receipts
- Maintaining customer account balance (KlubKort)
- Basic operational auditing and troubleshooting
## Storage & Retention
- Primary storage is local on the terminal
- Hourly backups are created for recovery and reporting
- Retention should be defined per event (recommended: minimum needed
for accounting + troubleshooting)
## Security Controls
- Offline-first design (no public POS exposure required)
- Restricted access to SUADMIN and system accounts
- Physical access control to the terminal is required
- Secure tunnel recommended for backup transfer
## Recommendations for Operators
- Restrict access to the terminal and admin panels
- Keep Windows user accounts protected
- Verify backups before/after events
- Document retention period and deletion procedure
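
Review bot: Under "Storage & Retention", retention is left as "should be defined per event" with no default period, and nothing says the hourly backups are covered by the same deletion procedure. Since the listed data includes KlubKort account identifiers and balances, and those end up in the backups, I would state a concrete default retention period here and say explicitly that deletion applies to backup copies as well as the terminal's local storage. Related, under "Security Controls" the line "Secure tunnel recommended for backup transfer" makes transport protection optional for that same data; consider wording it as a requirement and adding whether backups are encrypted at rest. It would also help to say whether the operational logs can contain card/searchkey values, because that decides whether the log retention needs the same treatment.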