The new privacy law, GDPR, brings a very important change in perspective:
You own your data.
Does it mean that you have the right to force the bank to forget your data, and thus your debts? No, of course not. There are other laws that also come into play. There are laws about data retention at your broadband company, anti-fraud laws at your bank, registries that your state keeps. But GDPR switches the basic premise: in the default case, data about you is yours. You loan your data to a company for a limited scope and a limited time.
This means that we who collect and process your data need to design systems that allow for pruning, purging and protection of all data regarding a person. And as we saw in the last article – data that can identify a person could be basically any data. That means we in the IT business have to step up our game, throw out legacy systems, and build robust, predictable and secure systems.
Basically – GDPR forces us to create and use high quality systems.
But wait, does the law force companies to sell only good products? That sounds hard! Yes, it is, if the company you’re dealing with doesn’t have a good overview of their assets, their architecture and their business value. If they don’t have smart processes and don’t continuously work on their products, they risk not complying with the GDPR.