by andybak
2954 days ago
> the ones that handle user information responsibly in the first place, and aren't opaque data hoarders as a central part of their business model.

Do you only acknowledge the existence of these two categories? So only "data hoarders" would struggle with becoming GDPR compliant?

I've got clients in the charitable sector having to reconfirm their entire contact list - 99% of whom would be happy to stay in touch - because the provenance isn't up to GDPR standards. We're expecting to lose most of those because people forget to respond to yet another GDPR request.

Expensive audits and code reviews, re-architecting parts of the system that accidentally record fairly innocent personal data (IP addresses in logs and backups, historical shop order data, test data copied from live data, staging servers and all the other places that data ends up in when a website has been around for a decade or more). Yes - this data could potentially be misused, and it would have been wonderful to have anticipated that when the system was originally built, but that was in a more innocent age and nobody could have made a business case for it back then.

I would argue that the cost to organisations (many of whom are non-profit) vs the benefits to users is fairly out of kilter. Protecting user data perfectly is a noble aim, but perfection costs.