GDPR Training

After posting about the privacy-focused Overcast update, I received a company training on GDPR.

Some interesting things I got out of it:

  1. Breach Notification - regulators are to be notified within 72 hours and users should be notified “without undue delay”.
  2. Right of Access - After receiving a written request from an individual, companies are required to provide the personal data, in electronic format, free of charge, within a month.
  3. Right to be Forgotten - Individuals can request that companies controlling and processing personal data erase the data and stop any further circulation of the data.
  4. Data Portability - Individuals can request that their data be freely transferred to another organization.
  5. Right to Object - Users have the right to object to their personal data being used for “profiling”, which is any form of automated processing to evaluate personal aspects of an individual.

As a user I love each one of these individual rights. From a company perspective (not the company for whom I work; I don’t speak for them), I think it’s going to require a lot of changes to processes to be compliant.

If I were creating a new business I would design the business to be privacy first and avoid any and all personal data as much as possible.

Nate Bird @nate