OMGDPR in Berlin at SoundCloud

On a Saturday afternoon on April 21st, OMGDPR, a community-run, unconference around GDPR took place in in SoundCloud’s offices. I was one of the people organising it — here’s my write-up.

First though, why an unconference around GDPR?

I’ve been working on the web for the last ten years, doing a mix of development, UX, product management and user research, and I can’t think of a part of my job that GDPR doesn’t touch.

I’m not alone in this thinking, and a recent piece by Heather Burns helps explain the impact of GDPR far better than I can in words.

I think it also represents a chance to move away from the existing trashfire state of affairs around personal data — where to paraphrase a William Heath, we tend to be either in a state ignorance, or denial, or depression about how data about us is used.

GDPR as planet-bound asteroid

I’ve been using this motif to help me think about GDPR.

It feels like change for the tech industry in the same way that a giant asteroid might have represented change to wildlife around the end of the Cretaceous period on Earth — bad news for gigantic dinosaurs, but rather better news for little mammals, like us.

GDPR as a Planet-bound asteroid. Nabbed with permission from Lucy Fedia’s tweet

A continuous process, not one-off exercise

I also think that GDPR is best thought of as a shift in mindset, more than a one-off box ticking exercise to make sure you’re compliant — the more I learn about it, and how it’s enforced, make me think it’s a continuous process, and in many cases for the web, it’s a content design issue as much as a legal issue.

In cases like this, I think learning how others are going about working with the same issue as you, and learning from each other’s struggles is really valuable, and helps create networks to call upon later. I find this image below, borrowed from a fantastic post about unconferences really useful for understanding the distinction:

What it looked like

We were lucky enough to find at least one organisation offering to host the event, but in the end SoundCloud’s offices were where we ran it.

One of the reasons being it offered a versatile space that we could split up into smaller places, and well… because it looked swanky as:

This photo from a magazine feature is pretty close to how it looked.

Above was the main space for meeting and greeting people. After introducing the event, that is was running under the Berlin code of conduct, and the plan for the day, attendees pitched ideas for sessions.

We had deliberately run the event after lunch to keep costs down, but thanks to Manuel of Uplink.tech, we ended up with a decent spread of snacks to keep people going through the afternoon. Thanks Manuel! 👍🏽

Minimum viable snackage at OMGDPR

Pitching sessions

For about 40–45 people, we had about 14 sessions in total, after removing duplicates.

We had more pitches than sessions, so we stuck the session title on a makeshift grid, made from SoundCloud’s bank of fridges, then used a simple voting system with markers to build our schedule:

We had a few markers around, and left people to vote on the ones they wanted to go to

If you’re curious they looked like this — we used oversize stickies like these:

This gave us a schedule like so (you can see the full deck we used here — feel free to copy and use it as a template) :

Once people knew where to go, they ended up speaking in the various session spaces, each one with a) who proposed the session, and b) a heroic volunteer facilitator, capturing the notes as they spoke.

I’ve shared pics of the rooms to give an idea of how we laid them out, to allow for some lightly facilitated conversation in groups.

Track 1

Track 1 — it looked a bit different to this, but you should get the idea

Track 2

Track 2 — every room had a flipchart for making notes

Track 3

Track 3, downstairs. This was juuust down the stairs from the pitch session.

We had some overflow space too, just in case people wanted to speak in smaller rooms, or everyone who said they would turn up really did turn up. We didn’t need these in the end.

Capturing what we discussed

We sent a publicly visible briefing document to all the volunteer facilitators who signed up to come — but I’m also very grateful for the OMGDPR hashtag on twitter, to get some pics like this:

Thankfully, people actually filled out the notes, like this:

The full set of scans from sessions.

I’ve scanned all the notes from the day — these will mean more to attendees than anyone else, but I’ve created this publication to allow others to post to it, so there’s a single place to look.

I have plans to write up some more for the sessions I was involved in, but for now, I’m sharing this as a interim step:

There’s also a etherpad with a bunch of links to the notes, and (hopefully) some crowdsourced links for each session)

Potentially risky OMGDPR sessions Etherpad link

Special mention— assessing GDPR readiness and handy templates

The publicly visible google drive above lists all the session notes, apart from the Assessing for GDPR session led by Kathryn of Corrick Wales & Partners (CW & P). CW & P is a partnership providing advisory services around GDPR, who had come all the way from London for the session, and as you’d imagine, ran one of the most popular sessions on the day:

Super handy assessment templates from Corrick Wales & Partners

If you run an organisation or product that stores data about users, you’re probably either data controller, or a data processor under the GDPR rules coming into effect on May 25th.

CW & P have been nice enough to share the templates they use themselves for helping carry out assessments, and planning what steps you need to take:

A template and plan for GDPR Data Controllers

A template and plan for GDPR Data Processors

What happens next?

Maik, Tiffany and I put the OMGDPR unconference together for free, in our spare time, largely because we felt there was a need for it.

The thing is, while it would be nice to write up each session, we all have lives and jobs, and this was a bunch of work as it is. This is where you come in, if you came to the event and fancy helpiung. This publication has been set up, so that if anyone else who attended fancies writing up a session they were at, we can republish it here.

If there is future interest in events like this:

You can follow this publication to find out about new articles posted here.

Also, hust like how I started by gauging interest with a typeform for a Berlin unconf a few months back, I’ve set up a mailing list form to gauge demand for future OMGDPR-related events.

If there’s demand, and a way to make it work, we might be able to run more of them.

Sign up for future notifications via email

If you want to speak to other people about using personal data sensibly

I’ve been a member of the responsible data mailing list for a few months, and I can absolutely recommend it. The focus isn’t just about GDPR, but there’s a load of smart people on it, and useful advice.

If you use twitter, it’s worth checking the #OMGDPR hashtag - there’s some more photos and notes not mentioned in this piece.

If there’s a good resource you’ve used yourself or community that you’re a part of that’s been helpful when prepping for GDPR landing, please add a comment below, you’d be making a load of people who spent an absolutely gorgeous Saturday indoors at a GDPR unconference very happy.

Ta!