heldercervantes

What about that new Data Privacy Regulation?


4 hours ago, heldercervantes said:

This particular part of the requirements is what's driving me crazy. 


We can easily come to the conclusion that GDPR is technically possible, but the thing is that it is practically impossible to comply with, currently. Requirements of GDPR should be introduced and forced incrementally – in a reasonably long period of time – so that companies, developers and technology have enough time to evolve to the point when it is "so easy" to apply it in practice that there is no excuse not to do it.

Currently quite the opposite is true. They may say that people had plenty of time to take action – since the introduction of GDPR – but this is not how life works, and such an argument is ignorant and cynical. As GDPR raises too many questions right off the bat, it is not fair to expect that businesses should know by now what to do without asking experts. Since there are no "GDPR experts" just yet but it is soon to be put in force, there are only questions, and a lot of them.

Trying to force GDPR and ePrivacy on us all at once will hand a huge advantage to America and the rest of the world; also it will have a serious negative impact on the European economy, meaning that we are going to shoot ourselves in the foot.

Applying GDPR and ePrivacy requires time and money, and the rest of the world simply does not care, so they will not follow suit while we are forcing ourselves to pretend we can do the – currently – practically impossible. Business leaders do not understand the technical details at all, so they are forced to rely on IT staff who need to come up with ad-hoc "solutions". The current situation can be considered a business opportunity for the IT world, but it will be a lot of fragmented, not yet tested and questionable work which is only needed in the EU. We want to solve what others do not, and all at once. We rely on systems which are mainly developed by US "companies/teams" which are not forced to comply, and that is why we are left to implement it all ourselves; each business has to do it on its own from scratch, and that is a far cry from being effective.

Edited by szabesz
typo


The GDPR was approved two years ago, so how much more grace period should there be? As with each new law, it's not going to come with any set of "best practices". They'll be worked out as the first lawsuits are held and concrete situations are applied to the rules. There just isn't anyone out there to really finally interpret written law into concrete ways of handling things besides judges in a lawsuit.

It's a bummer that the ePrivacy rulings, which are supposed to go more into detail in the enforcement of GDPR in the digital world, are still in the sad state of being nowhere near final. There are also various sources reporting that the ePrivacy laws won't be able to come into action until mid 2019, based on what is still to be approved by the EU and its member countries.

3 hours ago, szabesz said:

Trying to force GDPR and ePrivacy on us all at once will hand a huge advantage to America and the rest of the world; also it will have a serious negative impact on the European economy, meaning that we are going to shoot ourselves in the foot.

3 hours ago, szabesz said:

We rely on systems which are mainly developed by US "companies/teams" which are not forced to comply, and that is why we are left to implement it all ourselves; each business has to do it on its own from scratch, and that is a far cry from being effective.

That might be the case in places, but as the GDPR is enforced for each company working with data of European citizens, it's going to hit almost any globally active company as well as European ones. E.g. AWS is already claiming that they're GDPR compliant. For Heroku I didn't find conclusive info, but Salesforce (which owns Heroku) does have extensive information on GDPR and how to comply when using their service. So if US companies want to make money in Europe they'll have to deal with compliance.

25 minutes ago, LostKobrakai said:

The GDPR was approved two years ago, so how much more grace period should there be?

4 hours ago, szabesz said:

They may say that people had plenty of time to take action – since the introduction of GDPR – but this is not how life works, and such an argument is ignorant and cynical.

Why cannot we do it – just once – in a way that makes sense, something like:

4 hours ago, szabesz said:

Requirements of GDPR should be introduced and forced incrementally – in a reasonably long period of time – so that companies, developers and technology have enough time to evolve to the point when it is "so easy" to apply it in practice that there is no excuse not to do it.

 

25 minutes ago, LostKobrakai said:

There just isn't anyone out there to really finally interpret written law into concrete ways of handling things besides judges in a lawsuit.

Should it be normal to face the possibility of big fines because the law is always ambiguous? Is it really the way it should be? Just because we got used to it, it does not mean this is what we should put up with forever.

So there were two years to do something but most companies have just started to deal with this issue, if at all. We can pretend that it is the fault of business owners but I do not think so.

Edited by szabesz
typos

19 hours ago, szabesz said:

 

Well, encryption per-se is not mandatory, but "Data protection by design" is: https://gdpr-info.eu/art-25-gdpr/

They give leeway to choose an approach, but ask us to do something about it and not just leave the info lying around for easy picking. Since pseudonymization is too complex for small to medium projects, I'd say our best bet would be to encrypt sensitive info like emails, names, ID numbers, phones and addresses. As far as the things we build, there shouldn't be much hassle. Unless you're building apps that store medical records or something like that.
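As an added illustration of the "encrypt the sensitive fields" approach discussed in this post (this is example code written for this thread, not code from any poster or from ProcessWire), the following Python script encrypts the PII columns of a record before storage, keeps a keyed blind index so an email can still be looked up for equality without decrypting everything, and refuses to decrypt a field whose ciphertext has been modified. It uses only the standard library: the encryption is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, which is a demonstration construction chosen so the script runs anywhere; in a real deployment you would use a vetted AEAD such as AES-GCM from a library, and `MASTER_KEY` would come from a key store or environment variable rather than being generated in the script. The record values, field names and the `_enc`/`_idx` column suffixes are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed demo master key: in a real deployment it comes from a KMS or
# environment variable, never from the database that holds the records.
MASTER_KEY = secrets.token_bytes(32)


def derive_key(master: bytes, purpose: bytes) -> bytes:
    """Derive a purpose-specific subkey so encryption, MAC and blind index never share a key."""
    return hmac.new(master, purpose, hashlib.sha256).digest()


ENC_KEY = derive_key(MASTER_KEY, b"field-encryption")
MAC_KEY = derive_key(MASTER_KEY, b"field-authentication")
INDEX_KEY = derive_key(MASTER_KEY, b"email-blind-index")

# Columns the post names as sensitive; everything else is stored as-is.
SENSITIVE_FIELDS = ("name", "email", "phone", "address", "id_number")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (demo construction, not a standard cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(plaintext: str) -> str:
    """Encrypt one field value: random 16-byte nonce || ciphertext || 32-byte HMAC tag, hex encoded."""
    data = plaintext.encode("utf-8")
    nonce = secrets.token_bytes(16)  # fresh per field, so equal values give different ciphertexts
    ct = bytes(a ^ b for a, b in zip(data, _keystream(ENC_KEY, nonce, len(data))))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return (nonce + ct + tag).hex()


def decrypt_field(token: str) -> str:
    """Verify the tag in constant time before touching the ciphertext; raise on any modification."""
    raw = bytes.fromhex(token)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ENC_KEY, nonce, len(ct)))).decode("utf-8")


def blind_index(email: str) -> str:
    """Deterministic keyed hash of the normalised email; allows equality lookup without decryption."""
    return hmac.new(INDEX_KEY, email.strip().lower().encode("utf-8"), hashlib.sha256).hexdigest()


def store_record(record: dict) -> dict:
    """Return the row as it would be written: PII fields encrypted, email searchable via a blind index."""
    row = {k: v for k, v in record.items() if k not in SENSITIVE_FIELDS}
    for field in SENSITIVE_FIELDS:
        if field in record:
            row[field + "_enc"] = encrypt_field(record[field])
    if "email" in record:
        row["email_idx"] = blind_index(record["email"])
    return row


def load_record(row: dict) -> dict:
    """Reverse store_record: decrypt every *_enc column and drop the index column."""
    record = {k: v for k, v in row.items() if not k.endswith("_enc") and k != "email_idx"}
    for k, v in row.items():
        if k.endswith("_enc"):
            record[k[: -len("_enc")]] = decrypt_field(v)
    return record


def find_by_email(rows: list, email: str) -> list:
    """Equality search over stored rows using only the blind index; decrypts just the matches."""
    idx = blind_index(email)
    return [load_record(r) for r in rows if r.get("email_idx") == idx]


if __name__ == "__main__":
    # Constructed sample record.
    user = {"id": 7, "name": "Ana Silva", "email": "Ana@Example.org", "phone": "+351 000 000 000"}
    row = store_record(user)
    print("stored row:", row)
    print("lookup:", find_by_email([row], "ana@example.org"))
```

The stored row contains no plaintext PII, so a database dump or a misconfigured backup exposes only ciphertext and the keyed index; the keys live elsewhere. The per-field random nonce means two users with the same address do not produce the same ciphertext, while the blind index (which is deterministic by design) is what makes "find user by email" possible without decrypting the whole table.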
