Are you performing your due diligence?

Developers need to remain diligent at one-year mark of GDPR

Chris Jordan

It may seem like yesterday, but we have already reached the one-year mark since the enforcement of GDPR. Are you performing your due diligence? In this article, Chris Jordan explains why developers always need to respect GDPR.

One of the most talked about IT events in the past year was the passage of the General Data Protection Regulation (GDPR), which is the European Union’s strict consumer data protection law that replaced the 1995 Data Protection Directive.

Basically, GDPR regulates the requirements for organizations that collect, process, store and transfer personal data.

Questions surrounding big data

GDPR is all about user data, and many organizations collect an immense amount of data on their users. Organizations hoping to gain or maintain compliance should start by answering the following questions when it comes to managing user data:

  • What data is being collected?
  • Where is the data being collected from?
  • Where does the data go once it is collected?
  • Who has access to the data?

Companies doing business in the EU are required by GDPR to know the answers to these questions with regard to user data.

Obtaining user consent

Consumers are increasingly holding organizations like Google and Facebook accountable for how they use the consumer data they collect 24/7. In the last year, there has been a growing trend in consumer empowerment over their data — 105,000 EU citizens have since filed complaints with national data protection agencies for noncompliance. Consumers must give their explicit consent for organizations to collect their data when entering a web site. For developers, this means exploring tools for obtaining consent for any user across any application. 

Streamlining data access & reporting

GDPR gives users the power to request all data that is being collected on them. Organizations must be able to access user data easily and urgently as GDPR requires that they provide a detailed list of everything collected on a user within 30 days of the request. Developers need a plan for how they are going to quickly access the requested data in order to generate the report with minimal disruption to daily operations. As a result, many organizations are making the shift to cloud-based data storage due to the elasticity and speed offered through cloud services. 

Evaluating existing data

Once all questions about data collection have been answered, developers should evaluate existing user data and consider exactly what data is essential to the organization. For example, it might not be necessary to collect phone data. Assessing and identifying data trends within an organization will save time and manpower when the inevitable audit arrives or user data is requested.


Understanding the benefits

The passage of GDPR was followed by additional legislation to the same effect, such as the California Consumer Privacy Act. As businesses expand their global reach, they need to be mindful of new and pending data regulations. Building trust with users creates loyalty, and users will want to do business with organizations they trust. Organizations stand to benefit with regard to public perception, but also in reviewing processes specific to data storage. GDPR has inadvertently helped organizations streamline these methods.

As the sun sets on year one of GDPR, there’s no better time than the present to evaluate processes on data collection and storage. The regulations are not going away, and for the sake of trust and productivity, it’s important to remain diligent when it comes to consumer data.


Chris Jordan

Chris Jordan founded Endeavor Security, a cutting-edge threat detection and analysis company focused on helping enterprises and governments protect their most sensitive networks. After the company was acquired by McAfee in 2009, he continued in a role as Vice President of Threat Intelligence. Well known for establishing some of the largest Government security operations centers, Chris changed his career, starting a security service company in 2003 and a research & development company in 2004. Both companies have since been acquired, and after retiring from McAfee in 2012 he founded Fluency® with longtime friend and coworker Kun Luo. Follow him on Twitter @fluencysecurity
