The GDPR Book Club — start yours now!

Not the actual identifiable natural persons 😜

Working as an independent data scientist and consultant, I have the privilege to be very flexible with my time. This allows me — among other things — to volunteer for DataKind: a non-profit mobilising data scientists to donate their work to other non-profits. We deal with a lot of data that our charity partners share with us, so that we can work on it for and with them. As the EU’s General Data Protection Regulation (GDPR) becomes enforceable next year in May— we share with them some of the pain, too.

How to prepare for GDPR, then? DataKind, in the UK, is made of volunteers, but for a full time General Manager and a Community Manager on payroll, and runs on a minuscule budget. Occasionally, we’re lucky enough to benefit from some pro-bono work from generous city law firms — e.g. through Thomson Reuters’ TrustLaw programme — but the great part of all the GDPR work needs to come out of our own volunteers. How to manage that? We’ve had a great idea, and we believe you may do the same.

The GDPR Book Club

The official text of the law, as it was published in the Official Journal of the European Union, is made of two parts. The first 31 pages are descriptive, include definitions and principles, what the EU considers good practices, and a few warnings. The latter 57 page are prescriptive: it’s the actual articles of the law people will take you to court for violating. (Lawyer friends, be forgiving with me. I don’t know if any of this terminology is correct, but I’m doing my best.) The first part in particular is accessible and very informative: in my opinion — a must read for anyone dealing with data in their everyday work. Really, you have no excuse to leave Legal alone with the job to find out what GDPR means for you.

I agree, however, that reading law may be scary, and most of us are probably completely unprepared for it. Isn’t that the same feeling you get when you join a book club for the first time? Can you remember the butterflies in your stomach, or how you tested your serious face in the mirror before going, in preparation for when you’ll have to share some profund thought about the book or the author?

How to overcome your absolutely reasonable resistance, then? Read GDPR in your own time, and discuss it in good company, as if it was a book club. At DataKind we’re (data) scientists, not lawyers, those are very different sets of skills. But we put together a small team of four — two data scientists in the private sector, one in local government and one in scientific research — and started reading the darn thing start to finish. We discussed it together for the first time yesterday and, you know what?, we’ve had a great time. You should do it, too!

If your group reads the bill in advance, it will take about 2 hours to discuss about 50 articles, as you take notes, filter out what you realise does not apply to your company, discuss what is not clear, and google the rest. I suggest you focus on the Legislator’s intention, on the ethics she wanted to pour into law, and not on the text per se: that’s where the core learning is.

We plan to complete the discussion of the first part of the bill in two more meetings. I can’t talk for the others, but I already feel a lot more comfortable with my understanding of the law, and confident I will be able to prepare DataKind and our partners to keep work efficiently together in the full respect of the law (don’t quote me on that if something goes wrong, I’m still not a lawyer 😅).

So, what are you waiting for? Start your GDPR book club now! And, if you’re in London, you’re very welcome to invite me to to participate to one of your sessions. Perhaps I can share some of our experience and tell you more about DataKind.