There have been some wins from GDPR, but it’s woefully under enforced. I became very familiar with the GDPR when I did an internship in the regulatory risk department of a big bank when everyone was frantically trying to rebuild shit to ensure compliance. I think it’s a damn good piece of legislation, and it’s a shame to see it doing so much less than it could be.
i also think the idea of gdpr is good in principle but if a legislation is unenforced and/or unimplementable then it is effectively useless. and gdpr is a case of mostly unenforced because it is practically unimplementable.
for example no company can reasonably implement the right to delete users data (one pf the core principles) when requested… at least not in the extent as it is defined in gdpr (i work as a data engineering manager and trust me, we tried, in every company i worked for…). it is a similar task in scope as if an author of a typesetting font suddenly had the right to revoke your permission to use random letters from their font… and when they did it you would be expected not only to stop using it immediately, but somehow remove it from all of your existing documents including printed copies and copies you sent out to your clients and suppliers (dear supplier, could you, please, replace the invoice we sent you last year with this attached copy add shred the one we sent you originally? we replaced all instances of letter “a” with different font…).
We definitely encountered challenges, like rouge data sets from silod teams, rehydration of backups, etc. but we managed to comply with the right to be forgotten. And these are large companies. If someone as a data engineering manager admits to not being able to do it? Well thats either a resourcing problem, a negligence problem, or a skill issue.
There have been some wins from GDPR, but it’s woefully under enforced. I became very familiar with the GDPR when I did an internship in the regulatory risk department of a big bank when everyone was frantically trying to rebuild shit to ensure compliance. I think it’s a damn good piece of legislation, and it’s a shame to see it doing so much less than it could be.
i disagree on a technicality.
i also think the idea of gdpr is good in principle but if a legislation is unenforced and/or unimplementable then it is effectively useless. and gdpr is a case of mostly unenforced because it is practically unimplementable.
for example no company can reasonably implement the right to delete users data (one pf the core principles) when requested… at least not in the extent as it is defined in gdpr (i work as a data engineering manager and trust me, we tried, in every company i worked for…). it is a similar task in scope as if an author of a typesetting font suddenly had the right to revoke your permission to use random letters from their font… and when they did it you would be expected not only to stop using it immediately, but somehow remove it from all of your existing documents including printed copies and copies you sent out to your clients and suppliers (dear supplier, could you, please, replace the invoice we sent you last year with this attached copy add shred the one we sent you originally? we replaced all instances of letter “a” with different font…).
Could you expand on some of these challenges? We haven’t had these issues in any companies I’ve worked at, but those were mostly on the smaller side.
We definitely encountered challenges, like rouge data sets from silod teams, rehydration of backups, etc. but we managed to comply with the right to be forgotten. And these are large companies. If someone as a data engineering manager admits to not being able to do it? Well thats either a resourcing problem, a negligence problem, or a skill issue.