SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

Are you GDPR Ready?

By Steve Jones,

The GDPR is being enforced as of yesterday. It's been a law for two years, but fines are now going to be assessed for violations. If you're like me, you've been getting a lot of different types of privacy policy updates, new opt-in requests in email, some notices in email with the burden on you to opt-out, and more. A few people joked about how many they've been getting, and certainly I've seen no shortage of updates. I've even seem some updates to services that don't allow access to content, such as YouTube, without clicking some accept button.

It's interesting to see the various approaches being taken. Last week in London, Redgate held a SQL Privacy Summit and I was honored to host a panel discussion from various industry experts. They had different takes on the GDPR, though most of these people were pro-GDPR, happy that some proper data handling was being enforced. That's the attitude that many DBAs in know in the EU, as they now have some legal reasoning why we should implement better data handling and security practices.

However, I've also seen that there are different interpretations of how to deal with data. Do you need to ask all customers to opt-in? Can you continue to use data in development and test environments? Can you process data as you already have if you disclose what you're doing? Is the burden on the company or the data subject? I'm sure we'll see various decisions and rulings from regulatory authorities across the next year as data subjects complain and companies try to do the minimum level of work.

The idea of data being somewhat co-owned by a business and an individual is fascinating  I see both sides, and I certainly would like to have some rights over data about me. I definitely think my address, my date of birth, and more should be secured and companies that use my data should have some liability if it's disclosed. I'm not sure about rights over how it's used, but that's certainly a discussion that's coming.

I've already seen one organization file suit over access to data, because they're being forced to consent to handling that they disagree with. That is going to be something I watch carefully. Can a company change their terms arbitrarily, ask me to consent in a take-it-or-leave-it fashion, and withhold access to data? Do I own my messages and data stored in services? Is it co-owned?

Like it or not, the GDPR is forcing us to have some discussions and debates about digital information, which is good.

We're mostly ready at Redgate, and certainly continuing to do work. Ultimately, our reading of the GDPR (with some backing from auditors), is that we don't have to be perfect today, but we need to be making an effort and be able to prove that we are doing so. So on a day after the GDPR went into enforcement, what are you doing? Do you think you're ready?

 
Total article views: 39 | Views in the last 30 days: 39
 
Related Articles
ARTICLE

Company Rewards

Is there something that your company could do for you that would show that they valued your employme...

ARTICLE

We are All Data Companies

Many companies are data companies, whether they realize it or not.

BLOG

Why do companies need DBA?

Have been asked by few IT pros in the past few weeks about why does a company needs to hire...

FORUM

You Certainly Can Do About This Now

Loose Loose Skin - 7 Things You Certainly Can Do About This Now Skin care was not a thing that I pr...

FORUM

Company Rewards

Comments posted to this topic are about the item [B]Company Rewards[/B] I work in somewhat of a skid...

Tags
editorial    
gdpr    
 
Contribute