loading...

How has your org been affected by increased data regulation in Europe? (GDPR etc.)

ben profile image Ben Halpern ・1 min read

Discussion

pic
Editor guide
Collapse
niorad profile image
Antonio Radovcic

Lots of interesting questions have risen, not only regarding to end-user-data (Which we don't have, since we're an Agency), but also client-data from other companies (e.g. PMs, Owners).

One example (hypothetical):

One of our developers has the phone-number of a client's IT-specialist saved on their device, which has Whatsapp installed.

  • Is the number considered personal data?
  • What is the legal basis to store that number on their phone?
  • What is the legal basis to share that info with Facebook?
Collapse
martyonthefly profile image
Sylvain Marty

In my job, we are taking this new regulation very seriously. :-)
We are building guidelines for POs and developers to respect the new GDPR restrictions on future projects and during development.
Also, we have to build an internal tool to erase correctly the user's datas of our system (on explicit demand only).

Collapse
scottishross profile image
Ross Henderson

Our workstack tripled due to lack of foresight.

Collapse
ben profile image
Ben Halpern Author

What kinds of problems have arisen specifically?

Collapse
scottishross profile image
Ross Henderson

Our databases are protected, but they aren't adequately encrypted. We've been trying to move to encrypted servers for over a year and they've just been saying "We can't afford it". We've even said that moving to AWS would only be slightly more expensive (Only an extra few grand) and everything would be fine.

They said they'll consider it, and as soon as our Auditor started kicking everything into gear for GDPR, they finally realised that we a lot of systems aren't compliant and we can be fined massively. We are taking it incredibly seriously, but we should have dealt with this at least a year ago.

I believe we're still holding onto hope for an extension at this rate.

But if they listened to the developers...

Collapse
darkliahos profile image
Sohail Nasir

Yes, it has added a lot of work at my current job. A lot of system wide changes need to be implemented, data needs to be consented or deleted. At my current company we have had this in the works for a couple of years so it's all planned work.

Collapse
jesalg profile image
Jesal Gadhia

We are taking the new regulations very seriously. We've prepared an impact analysis of the GDPR ruling and have come up with an action plan for all the things we'll have to account for to be in compliance. It's definitely going to take up a good chunk of our time this year and it will have to be something we keep in consideration just like WCAG compliance as we build new features.

Collapse
stealthmusic profile image
Jan Wedel

We have mandatory trainings for each employee, in depth meetings (5-10 hours) to gather information what we already have and what the gaps are followed by tasks to document and implement. The worst things are basically the need to export all user related data and the need to delete data compeletely. If you have large systems running, that’s a lot to do.

Collapse
pstorch profile image
Peter Storch

We have to analyse all our systems as well. Most of them are going fine, but I have a problem with a few. We not only have to take care of customer data, but also for employee data. This is personal data, too. And with GDPR we have to define how long we keep the data and there must be a process to delete the data as soon as it is no longer needed. There is also the "right to be forgotten".
I have no answer yet, how to deal with versioning systems like GIT. There is personal data in every commit (username and email), But it is not build to delete its history after a while. You can delete the history on purpose of course, but this is more a surgery and breaks all your processes based on the commit id.
How do others deal with such systems? There are also document management systems where you have to keep such history.

Collapse
dkassen profile image
Daniel Kassen

Reading the posts here make me think that the primer I read earlier today isn’t nearly enough...

Collapse
charliedevelops profile image
charliedeveloper

Loads of meetings and time away from the keyboard :(

Collapse
elmuerte profile image
Michiel Hendriks

They are basically doing this: 🙉🙊🙈

Collapse
niall_flynn profile image
Niall Flynn

Nice for me it has been a good way to drum up new business, have to say I love the idea. US lack of privacy/data harvesting has to stop.

Collapse
a3linux profile image
Allen Chen Jinlong

High priority tasks assigned in this year for GDPR already.

Collapse
xowap profile image
Rémy 🤖

The world is turning upside down, basically.