GDPR… Requires coding precision for risk mitigation.
To get an idea of how complex GDPR is going to be to turn into code, please visit these three pieces by Robert Madge:
- Five loopholes in the GDPR — link
- GDPR: data portability is a false promise — link
- Consent: lost (GDPR) and found (ePrivacy) — link
They all contain gems — and they are all thought provoking because people are currently still interpreting the regulations. And as the Bard says — therein lies the rub.
Why, you ask?
Well, is it a MUST, a SHOULD or even a MAY? And that’s the problem — it all depends on the context of your CURRENT AND FUTURE business needs. Get it wrong and the fines are going to be what I like to call ‘behavior changing.’
Just for fun let’s examine two paragraphs from link 3…
The ‘Do Not Track’ indicator, as set in a browser or equivalent, will have to be communicated to all parties who get user data and it will be a legal obligation to act on this.
Key words — set in a browser OR equivalent… yep, that’s right. Every mobile app that uses advertising (which 90% of them do) needs to be updated to support DNT. All web UI libraries will need to be updated as well, along with every web page, with some sort of consent mechanism AND, more importantly, a way to record your ‘exception’ and then read it back later.
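To make that concrete, here is an added example (mine, not from Madge’s article or any real product) of the minimum server-side plumbing the paragraph above implies: read the browser’s DNT header, honour a recorded per-user exception, and pass the DNT signal on to any third party that receives user data. The in-memory store, the rule that an unset header counts as no consent, and the `DNT: 0` forwarded for an exception are my own assumptions.

```python
# Added example (not code from the original post): a minimal Do Not Track gate
# that reads the DNT header, honours a recorded user exception, and forwards
# the signal downstream. Storage is an in-memory dict here; a real deployment
# would persist consent records with timestamps for audit.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass
class ConsentStore:
    """Records a user's explicit tracking exception so it can be read back later."""
    _records: dict = field(default_factory=dict)

    def grant_exception(self, user_id: str, source: str) -> None:
        # Keep when and where the exception was granted for later audit
        self._records[user_id] = {"granted_at": datetime.now(timezone.utc), "source": source}

    def revoke(self, user_id: str) -> None:
        self._records.pop(user_id, None)

    def has_exception(self, user_id: Optional[str]) -> bool:
        return user_id is not None and user_id in self._records


def dnt_value(headers: dict) -> Optional[str]:
    """Return '1' (do not track), '0' (user opted in) or None (unset/invalid).
    Header names are matched case-insensitively."""
    for name, value in headers.items():
        if name.lower() == "dnt":
            return value.strip() if value.strip() in ("0", "1") else None
    return None


def tracking_allowed(headers: dict, store: ConsentStore, user_id: Optional[str]) -> bool:
    """Decision rule (assumed): a recorded exception wins; otherwise only an
    explicit DNT:0 permits tracking, and DNT:1 or an unset header blocks it."""
    if store.has_exception(user_id):
        return True
    return dnt_value(headers) == "0"


def downstream_headers(inbound: dict, store: ConsentStore, user_id: Optional[str]) -> dict:
    """Headers to attach when passing user data to a third party (e.g. analytics):
    the user's DNT signal is propagated, or DNT:0 if they granted an exception."""
    if store.has_exception(user_id):
        return {"DNT": "0"}
    value = dnt_value(inbound)
    return {"DNT": value} if value is not None else {}
```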
And then this paragraph…
Some number of organizations will find themselves subject to both the GDPR and the ePrivacy Regulation. In fact, every organization that operates a website will have to consider the ePrivacy Regulation — both in terms of implementing updated consent provisions on cookies and in giving particular attention to any data they pass on to third parties (such as analytics engines). Providers of any kind of communication or messaging service will be affected, since the regulation extends coverage from first-level internet or telecoms service providers to any provider of communications running over an electronic service. The data they handle (including metadata) will be classified as personal data if it is linked to an individual, so bringing the GDPR into play, and in any case all data handling is subject to strict ePrivacy provisions.
That’s pretty much everybody these days. Significant coding care will need to be used to ensure that everything is compliant.
So here’s a place to start — do a complete audit of all of your data… archive what has no value, and keep what has value. Then look at how you are going to engage with your consumer in the future. It will have two components for sure — web and mobile.
Then make it easy for your consumers to choose you over your competitors by giving them Choice®.