GDPR (the General Data Protection Regulation) must have been the biggest talk of the town in several industries over the last year, not least in my own area, marketing. Companies are hiring expensive consultants (who have only just learned about it themselves) and creating dedicated teams to get their data in order before the deadline in May next year. For those of you who still see G-D-P-R as four random letters, here is a quick crash course on why this new EU regulation will affect not only business in general but also the development and testing industry.
So, what is it?
The General Data Protection Regulation applies in the EU from May 25th, 2018. Its purpose is to give citizens more control over their personal data and to establish one set of rules across the Union that ensures businesses handle that data correctly. Even though it is an EU law, it has global reach: it applies to any organisation, wherever it is based, that offers goods or services to people in the EU or monitors their behaviour. Non-compliance can be an expensive story, with fines of up to 20 million euros or 4% of global annual turnover, whichever is higher.
But what does it actually mean?
As I am not a lawyer, I will not go into the details, but the short version is this:
After May 2018, personal data may only be stored and processed where there is a lawful basis and a documented purpose for it, and no longer than that purpose requires. "Personal data" is anything that relates to an identifiable person: not only names and e-mail addresses, but also phone numbers, IP addresses and customer IDs that can be linked back to someone. A copy of the production database sitting in a test environment because it was convenient does not meet that bar.
Does your development team work with real customer data in the test environment? The importance of protecting personal information is nothing new to you, but since the GDPR is stricter than the Data Protection Directive it replaces, here are some action points to focus on before next year.
Even though it might seem like an enormous task, this is the place to start. Document all personal data that has been used in development and testing so far (where it came from and where it was copied to, including old dumps and backups that still contain it), and keep that inventory safe. The next step is to create a simple and effective process for keeping track of how and where your customers' data is used; the GDPR in most cases requires organisations to keep records of their processing activities, so this is groundwork you will need anyway.
If you must work with real data in your testing process, make sure that all personal data is properly masked before it leaves production, and that the masking cannot simply be reversed by whoever holds the test database. Where you have the opportunity, replace real data with synthetic data altogether: synthetic records are not personal data, so the regulation does not apply to them, whereas masked (pseudonymised) data still counts as personal data as long as someone can link it back to a person.
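To make the masking point concrete, here is an added example (my own illustration, not code from the original post) of the difference between a mask that only looks opaque and one that holds up. It pseudonymises a small constructed customer table with keyed tokens so that the join to an orders table survives, replaces free text and contact details with synthetic values, and then checks that no original value leaked through. The record layout, the field policy in `mask_customer`, the name pools and the `MASK_KEY` placeholder are all assumptions for the example.

```python
"""Masking a customer table for a test environment with keyed pseudonyms.

Added example; not code from the original post. Assumptions (illustrative):
records are plain dicts, MASK_KEY is a placeholder for a secret that lives
only in the masking job (never in the test environment), and the per-field
policy in mask_customer is one reasonable choice, not a standard.
"""
import hashlib
import hmac
import re

# Constructed sample data, not real customers. Two tables share customer_id.
CUSTOMERS = [
    {"customer_id": 1001, "name": "Anna Lindqvist",
     "email": "anna.lindqvist@example.com", "phone": "+46 70 123 45 67",
     "birth_date": "1984-03-12", "notes": "Called about invoice 5521, wife Maria"},
    {"customer_id": 1002, "name": "Erik Berg",
     "email": "erik@example.org", "phone": "+46 73 987 65 43",
     "birth_date": "1991-11-30", "notes": ""},
]
ORDERS = [
    {"order_id": 1, "customer_id": 1001, "amount": 249.00},
    {"order_id": 2, "customer_id": 1001, "amount": 99.50},
    {"order_id": 3, "customer_id": 1002, "amount": 1200.00},
]

# Placeholder; in practice fetched from a secret store by the masking job.
MASK_KEY = b"replace-me-and-keep-out-of-the-test-environment"

# Pools for synthetic names (assumption: obviously fake names are fine for test).
FIRST = ["Kim", "Alex", "Sam", "Robin", "Noor", "Jo"]
LAST = ["Testsson", "Fixture", "Sample", "Placeholder"]


def pseudonym(key: bytes, field: str, value) -> str:
    """Keyed, deterministic token: same (field, value) -> same token, so the
    customer_id join between tables survives masking. HMAC with a secret key,
    not a bare hash, so whoever holds the test database cannot re-identify a
    row by hashing a guessed e-mail (see weak_email_hash below)."""
    return hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).hexdigest()


def mask_customer(rec: dict, key: bytes) -> dict:
    tok = pseudonym(key, "customer_id", rec["customer_id"])
    n = int(tok, 16)
    return {
        # Stable surrogate id; a 9-digit space is collision-free enough for fixtures.
        "customer_id": n % 10**9,
        # Synthetic name derived from the token: stable across runs, no real name kept.
        "name": f"{FIRST[n % len(FIRST)]} {LAST[(n // 7) % len(LAST)]}",
        # .invalid is a reserved TLD (RFC 2606): test mail can never reach a real person.
        "email": f"user-{tok[:12]}@test.invalid",
        # Keep the shape of a phone number but derive the digits from the token.
        "phone": "+46 70 " + f"{n % 10**7:07d}",
        # Generalise: keep the birth year (age-dependent logic still works), drop the day.
        "birth_date": rec["birth_date"][:4] + "-01-01",
        # Free text can contain anything (relatives, health details): drop it entirely.
        "notes": "[redacted]" if rec["notes"] else "",
    }


def mask_tables(customers, orders, key: bytes):
    """Mask the customer table and remap the foreign key in orders consistently."""
    masked_customers = [mask_customer(c, key) for c in customers]
    id_map = {c["customer_id"]: m["customer_id"] for c, m in zip(customers, masked_customers)}
    masked_orders = [dict(o, customer_id=id_map[o["customer_id"]]) for o in orders]
    return masked_customers, masked_orders


def leaked_values(original_rows, masked_rows, fields, min_len=4):
    """Verification step: original word fragments (min_len+ chars) from the given
    fields that still appear as whole tokens in the masked output."""
    masked_blob = " ".join(str(v) for r in masked_rows for v in r.values())
    found = set()
    for r in original_rows:
        for f in fields:
            for part in re.findall(r"\w+", str(r[f])):
                if len(part) >= min_len and re.search(rf"\b{re.escape(part)}\b", masked_blob):
                    found.add(part)
    return sorted(found)


def weak_email_hash(email: str) -> str:
    """The anti-pattern: an unkeyed hash as a 'mask'. It looks opaque but anyone
    who can guess the input space (a list of known addresses) can reverse it."""
    return hashlib.sha256(email.lower().encode()).hexdigest()


def reidentify(token, candidates, hasher):
    """Dictionary attack: hash each candidate value and compare with the token."""
    return next((c for c in candidates if hasher(c) == token), None)


if __name__ == "__main__":
    masked_customers, masked_orders = mask_tables(CUSTOMERS, ORDERS, MASK_KEY)
    for row in masked_customers + masked_orders:
        print(row)
    print("leaks:", leaked_values(CUSTOMERS, masked_customers,
                                  ["name", "email", "phone", "notes"]))
```

Two things to take from this. First, the leak check is the part people skip: run it on every export before the data leaves production, and extend the field list whenever the schema grows. Second, even the keyed version is pseudonymisation, not anonymisation: whoever holds `MASK_KEY` can link a token back to a customer, so the masked copy is still personal data under the regulation and still needs the access controls and retention limits described here; only fully synthetic data takes you out of scope.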
Who has access to your customers' personal data today? With the GDPR in the pipeline, you need a procedure that guarantees that nobody on your team who does not need personal data for their job is exposed to it, in test environments as much as in production. It is equally important that those who do have access know which rules they must comply with.
This is just a brief overview of a much larger project. It might seem like a hassle, and it certainly can be, but the benefits of better customer data security will be worth the work. If you have not yet incorporated a GDPR strategy into your development process, now is the time. Countdown: 6 months!