GDPR is also a useful thing for geeks, in order to kill terrible ideas.
"You'd like to keep this data from this forever? Certainly! Now if your business unit is committing to GDPR responsibility for maintaining this data, we'll notify the DPO and ... oh, you want to delete it? Done. Cheers!"
I am enormously pleased to say that the techies in our organisation are absolutely onside with this, even as it will be work. Because it's clearly the correct idea.
GDPR stands for "General Data Protection Regulation". The author should have written this somewhere at the beginning of the article instead of just assuming all readers know what it is.
I explained this and the potential ramifications to my boss the other day. We are going to do a full audit of all the data we possess (mostly business to business and very little PII) before next year.
It will likely mean some development work as well, as we are going to need a reliable, auditable way of wiping data.
Despite it making work for us, all I can say is about damn time.
Yes, if we can't stop shops insisting on details of our sex lives before selling us a pair of jeans then we need more GDPR and its ilk.
I would not complete the transaction if that data was requested without very good reasons, and have already point-blank refused to take up 'incentives' for superfluous data. Leaves a very bad taste. Can we parade the marketing dept naked on TV, "just so we can send them a gift on their birthday?"
I'm definitely not going to complain about the GDPR, and while I expect 2018 to be mild when it comes to enforcement, I'd hate to be the company they are going to use to make an example out of in 2019 or so, given the per-instance fines.
That can put even large players instantly out of business, so better take it seriously. The GDPR, unlike its predecessor, does not require per-country ratification and it has some pretty serious teeth.
If you're going to write an entire article on GDPR, might want to explain what GDPR stands for.
just 2 cents from a GDPR pleb
I found this GDPR Whiteboard helpful: https://www.teachprivacy.com/gdpr-whiteboard/
From the article:
GDPR applies to all companies storing information on EU citizens. Those citizens should be allowed to know what data is held, where it is being stored and who has access to it.
This is not correct, as far as I am aware. A bit of a nit, but depending on context it can be important: The GDPR applies to all companies with legal presence within the EU storing information on any person, regardless of whether they are EU citizens or not.
So even if you only store personal data on foreign (e.g. US) citizens, you still need to follow the regulation.
The author implies that there was a real public opposition against the GDPR.
Is this really the case? All I've seen is praise.
We find there is a core tension between GDPR's principle of data minimization (take no more than strictly necessary) and the SaaS practice of data-driven innovation (collect everything, then try to figure out what is useful).
Is there a similar initiative to protect consumer data privacy in the US?
I am an EU citizen, but live in a non-EU country. Does the GDPR regulation apply to data about me?
Though GDPR is making more work for me, I am glad to see it!
GDPR solves two problems:
* Businesses which collect whatever data they can put their hands on, and sell it to the data brokers. Users formally allow it, because they hide permission to collect whatever they wanted in the TOS, which users accept without reading it. Examples of such businesses are creators of browser extensions, which collect all your browser history, or mobile apps which collect all your movements. Users often don't understand what's done with their data or that it's collected.
* There's a very large incentive for companies, especially Google and Facebook, to provide only ad-supported versions. The more well off a person is, the more expensive their clicks are. GDPR substantially changes it, allowing people to control their data.