GDPR, Digital Applications Development & Pizza!
The EU General Data Protection Regulation (GDPR) was adopted in 2016 and becomes fully enforceable across the EU on 25 May 2018. If you are remotely involved in applications development and have not yet heard of this regulation, please step away from the computer now!
Here's what we are seeing with respect to digital initiatives in Government and Financial Services:
1) The need for additional infrastructure is significant, and GDPR will drive adoption of cloud-hosted managed services. More security controls, more disaster recovery and more auditability mean more virtual machines and more data (logs, backups, audit trails), although not necessarily more storage of personal data!
2) Some online services will simply have to revert to paper, phone and post. Yes, in order to fully comply with GDPR some organisations will go back to analogue, because the cost and complexity of compliance is more than the specific process is worth.
3) Any organisation dealing with children or minors will probably stop storing information collected online. Even though parental consent can make such processing lawful, the heightened sensitivity of children's data means even greater protection is expected. To be very specific: the overhead of handling sensitive data relating to children or minors will mean that very small organisations are better off doing it the old-fashioned way.
4) The legislators are serious and the fines are even more serious. The best case for a breach of the regulation is a warning or an audit, and even that will be made public. The worst case is a fine of up to €20 million or 4% of total worldwide annual turnover, whichever is higher.
5) Securing the input forms is not enough. TLS (still widely called SSL) protects the data only while it is in transit between the browser and the server; once it has been received, a range of further controls, from encryption at rest to access management, is needed to stay within the regulation.
6) Understanding the difference between input (data in transit) and storage (data at rest) is essential. Organisations should assume that a breach will eventually happen and design their storage so that it does as little damage as possible. Although the data may be captured on one screen or form, it can be held in separate stores, each encrypted under its own key, so that a breach of any one store exposes no collated record even if that store's encryption is broken.
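The separation described in points 5 and 6, as an added example that is not part of the original post and not pTools' own software: one order form, already delivered over TLS, is split into an identity half and a service half, each encrypted under its own AES-256-GCM key and linked only by a random token. The form fields, the two in-memory maps standing in for separately hosted databases and the names `SplitStore`, `Submit`, `ReadService` and `Breach` are all assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// OrderForm is a constructed stand-in for one pizza-order form as it arrives
// over a TLS session. TLS covered it in transit; everything below is storage.
type OrderForm struct {
	Name, Email, Phone, Address string // identifies the person
	Pizza, Notes                string // what the order process needs
}

// The two halves are stored separately and linked only by a random token.
type IdentityRecord struct{ Name, Email, Phone, Address string }
type ServiceRecord struct{ Pizza, Notes string }

// SplitStore is a hypothetical pair of stores (maps standing in for two
// separately hosted databases). Each store has its own AES-256-GCM key; a real
// deployment would keep the keys under different KMS/HSM policies and give the
// order-handling service no read access to the identity store at all.
type SplitStore struct {
	IdentityKey, ServiceKey []byte
	Identity, Service       map[string][]byte // token -> ciphertext
}

func NewSplitStore() (*SplitStore, error) {
	s := &SplitStore{
		IdentityKey: make([]byte, 32), ServiceKey: make([]byte, 32),
		Identity: map[string][]byte{}, Service: map[string][]byte{},
	}
	for _, k := range [][]byte{s.IdentityKey, s.ServiceKey} {
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
	}
	return s, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with a fresh random nonce, which is prefixed to the ciphertext.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; under the wrong key the GCM tag check fails with an error.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Submit splits one form, encrypts each half under its own key and returns the
// linkage token. The token is random, not derived from the person's data, so it
// cannot be recomputed by an attacker who already knows an e-mail address.
func (s *SplitStore) Submit(f OrderForm) (string, error) {
	tok := make([]byte, 16)
	if _, err := rand.Read(tok); err != nil {
		return "", err
	}
	token := hex.EncodeToString(tok)
	idJSON, _ := json.Marshal(IdentityRecord{f.Name, f.Email, f.Phone, f.Address})
	svcJSON, _ := json.Marshal(ServiceRecord{f.Pizza, f.Notes})
	idCT, err := seal(s.IdentityKey, idJSON)
	if err != nil {
		return "", err
	}
	svcCT, err := seal(s.ServiceKey, svcJSON)
	if err != nil {
		return "", err
	}
	s.Identity[token], s.Service[token] = idCT, svcCT
	return token, nil
}

// ReadService is all the kitchen ever needs: the order, with no personal data.
func (s *SplitStore) ReadService(token string) (ServiceRecord, error) {
	var r ServiceRecord
	ct, ok := s.Service[token]
	if !ok {
		return r, errors.New("unknown token")
	}
	pt, err := open(s.ServiceKey, ct)
	if err != nil {
		return r, err
	}
	return r, json.Unmarshal(pt, &r)
}

// Breach models an attacker who copied one store's ciphertexts and also holds
// one key; it returns how many records that key actually opens.
func Breach(records map[string][]byte, stolenKey []byte) int {
	opened := 0
	for _, ct := range records {
		if _, err := open(stolenKey, ct); err == nil {
			opened++
		}
	}
	return opened
}

func main() {
	s, err := NewSplitStore()
	if err != nil {
		panic(err)
	}
	token, err := s.Submit(OrderForm{Name: "A. Customer", Email: "a.customer@example.com",
		Address: "1 Example Street", Pizza: "margherita", Notes: "no onion"})
	if err != nil {
		panic(err)
	}
	order, _ := s.ReadService(token)
	fmt.Printf("kitchen sees: %+v\n", order)
	fmt.Println("identity records opened with the stolen service key:", Breach(s.Identity, s.ServiceKey))
}
```

The point the split makes: an attacker who walks off with the service store and even its key gets pizza orders keyed by meaningless tokens, and an attacker who takes the identity store gets names with no orders; reassembling a person's full record needs both stores and both keys, which is exactly what separate hosting and separate key policies are there to prevent. The token must be random rather than a hash of the e-mail address, otherwise anyone with a list of addresses can re-link the halves.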
At pTools we have considered the ‘data transport layer’ for many years, and understanding how data travels from your customers through your organisation is an important starting point in the process of securing and storing that data and complying with GDPR legislation.
If, however, this legislation stops online providers from insisting that we all become ‘members’ of the site before we can book anything and everything, no matter how small, then it may not be all bad... Do I really need to provide my title, my first name, my family name, my age, phone number, alt phone number, email address, confirm email address, card number, expiry date, security number, card name, card address, postal address, post code, country, user name, password, confirm password, mother’s maiden name, first pet’s name, and which side of the bed I sleep on, just to have a pizza delivered!
Business Development at pTools Software, 8 years ago: Well worth highlighting, Tom.
Director Smart Talent @ Red Chair Recruitment, 8 years ago: Excellent timing, Tom.