GDPR : The good, the good and the good!

As is the way with reporting these days, most of the posts about GDPR that have gained any sort of traction over the last few years/months/days have been focused on the doom and gloom side of things. I too have found myself focussing on this side of the issue, being the natural worrier that I am. Having said all that, I think it’s really important to take a step back and look at the issue as a whole…

I’ve seen a few comments from people outside the EU, and some inside, that can be summarised as, “F**k You EU!” I can understand that to a certain extent, but I think it’s important to remember what this is all about.

The Good : It’s about protecting you!

It’s really easy to gather massive amounts of data about you. This data is used to profile you and subsequently influence your decisions. There’s a reason why those pizza adverts keep coming to me, but I never see adverts for booze…

The stories about companies like Cambridge Analytica highlight how this data can be used to influence more than what food you buy. It can potentially influence who/what you vote for, and we can see how that has worked out for us in the UK and those in the USA recently…

I understand you may not like the implementation of GDPR from a business perspective, but surely you’ve got to agree that some control over the collection and use of this data has to be put in place?

Understanding what data is held about you and how it is processed is a good thing.

The Good: The technical stuff is easy

There are challenges associated with the technical side of GDPR, but for the most part we have the technology, tools and intellect to deal with this. Depending on how much work your company has put into security over the years, there may not actually be that much to do on the technical side.

For a number of people GDPR has been good leverage to finally deal with some important stuff that has been moved down the priority list for years, because it’s more important to add a new spangly widget to an application than to patch a server.

If nothing else, this type of work keeps us techies in work, which is a good thing. 🙂

The Good: The business process is where it’s at

If you’re reading this you are probably involved in IT, so the technical side of things is probably your main focus. Where is the data? Is it secured? Does it need to be encrypted? And so on. This is the tip of the iceberg, and as mentioned previously it’s all pretty easy, but labour intensive, to identify and fix. The really tough stuff is to identify and secure the business processes…

Burt uses an APEX interactive report to display some data he’s interested in. He downloads it as a spreadsheet and emails it to Beryl because she is the “Seven of Nine” of Excel and has macros coming out of her ears. She works her Excel Borg magic and emails the resulting masterpiece back to Burt. Burt then emails it on to Barbara who downloads it on to her laptop so she can take a look through it on the train on the way to the next board meeting…

Is anyone seeing the problem with this all too common business process? It really doesn’t matter how secure your database and applications are if people are going to download the data onto their PC, play around with it, print it, email it to people and then lose their unprotected laptop or memory stick on the train…

GDPR incentivises you to identify these stupid processes and secure them, or preferably replace them with something more sensible. This is a good thing. It’s something we in the IT world have been trying to encourage for years. Not only is it a good idea, but it’s also going to keep us techies in work. Do you see a pattern here? 🙂

Conclusion

I’m not saying GDPR is perfect. I understand it introduces a set of problems for companies. I realise it’s easy to go down the rabbit hole of doom and gloom, but this really is a good thing.

Speaking for myself, it’s been quite enlightening reading through the GDPR information and going through the process for my website and blog. I was surprised about how much data was being captured that I didn’t know about, especially considering this is just a crappy “read only” resource, not a proper business that needs to track customers/clients etc.

The next few years will prove interesting.

Cheers

Tim…

PS. I might have forgotten to mention it keeps us techies in work… 🙂

Author: Tim...

DBA, Developer, Author, Trainer.

2 thoughts on “GDPR : The good, the good and the good!”

  1. Stew: The Machine Learning and AI I employ to profile you… Doh!

    I would suggest companies employ the standards to all personal information, regardless of territories. I’m sure we can pick some edge cases, but for the most part I still feel it is for the good.

    More specifically about your point, in some cases it would be very easy as people will identify as part of their user details. In other cases assumptions, that could be wrong, will have to be made. Over time the tools and approaches will develop and what is “acceptable” will become clearer. The EU have said their initial approach will be lite-touch to help people in the right direction, rather than striking people down from day one. If we ignore breaches for the moment, the main thing is that companies are actively doing something about it and users are given choice…

    The discovery of what you capture is important. You can then determine if you need to keep it and how you need to process it, if at all. There will always be some difficult decisions, but equally there will be some really easy ones. The articles make provision for legitimate use (consent, contract, legal obligation, vital interests, public interest and legitimate interest) and for exclusions from certain parts when you can prove why you should be excluded, rather than just saying screw it. 🙂

    Of course nobody really knows where this will take us because some of the elements are loosely defined and ultimately it will come down to the cases that are won or lost to determine what it all means.

    Cheers

    Tim…
