GDPR – PDEC Members’ Viewpoint (versus that of many others?)
Combing the web for GDPR news and data, plus preventive and supportive offerings, one comes upon any number of findings. Consultants are teeming, from small-fry one-man (or -woman) shows to the very largest international big-name consulting firms.
Data Management and protection firms are abundant with White Papers, advertising, web pages full of information and guidance, and no shortage of explanations extolling how they are immeasurably capable of providing for clients’ GDPR needs.
Document after document, article after article, news story after news story – they all tend to focus on certain aspects of GDPR. Important aspects, yes. Let’s list them:
- Data Protection Officers
- The Right to be Forgotten
- Data Portability
- Privacy by Design
- Breach Notification
- Right to Access
But, from a PDEC perspective, this is not enough.
What these news stories, articles, white papers, and posts on web sites from various firms offer – and to be fair, most if not all of them offer and provide quite well – is encryption, masking, storage, cloud storage, and pseudonymization. Transport may also be in the product package, but interactions that involve the citizen, the consumer, the customer, the owner of that personal data, are never mentioned. The actions of acquiring consent(s) or permission(s) seem lost in the product offering.
The focus is primarily on the vendor (or data holder) side: how various companies can provide services to them, ensuring the quality and protection of that data in a manner that is GDPR compliant in technical terms.
The consultants offer guidance on the bullet points above. For the most part, though, research on GDPR offerings turns up data protection, housing, cloud storage, safe transfer, etc.
What, then, of the transport of those data, the sharing of those data?
Curiously, web searches do not return many hits for companies offering this level of service. Why is this? Are the companies emerging in the space doing so on a stealth basis? How about the day-to-day use of Citizens’ data for transactional purposes? That’s transactional in the more clinical sense, not just financially transactable.
And how do vendors (“Bob”) interact with customers or consumers or clients, aka citizens (“Alice”) under the terms of the GDPR?
Maybe that should say how do the Bobs of the world interact with [their] existing and future Alices? This is actually a concern that strikes deep into the heart of many PDEC members.
Dealing with sensitive data, aka Personal Data, has always been a critical issue. As of May 25th the GDPR makes it regulated, and subject to fines if not handled as per the new guidelines.
This occurs simultaneously with the rise of the Personal Information Economy.
Personal Data has risen in perceived and thus allocated value. Which should make the daily or weekly transactions conducted by the Alices of the world of greater value than ever. And make the Bobs of the world more determined to both stay within the GDPR guidelines and to serve their Alices in a manner compliant with the GDPR.
We know that there are PDEC members involved in this area, the day-to-day transactional basis of handling data between and among Alice and Bob. This is shared data, sometimes permissioned, sometimes consented, for specific purposes.
Let us hear from you. We want to feature your work, your approach, your method. There’s a key difference between the day-to-day work and the more prophylactic encryption or masking data management products and services.