
GDPR Is Here!

by Phil Grainger

That date that everyone thought would never arrive (or maybe they hoped would never arrive) is finally here.

Yes.

2018/145 or

May 25, 2018.

Apologies to those of you with significant life events on this date. What I am talking about is the European Union’s General Data Protection Regulation (GDPR), which finally becomes enforceable on this date.

We’ve talked about this before, and I’ve explained the requirements to be GDPR compliant (and the penalties for not being compliant). This time around I wanted to talk about the way GDPR is affecting all of us.

You may have noticed that as the calendar counts down to May 25, you have been receiving a flurry of emails from companies that you deal with (perhaps you’re on their mailing list, or perhaps you are an existing customer) asking that you confirm your acceptance of the way they keep and use your personal data. Most of the companies have been specifically asking for a positive acceptance (by visiting their website or replying to an email). At least one, though, stated that they would take my continued use of their service as acceptance. Now, I am not a legal expert, but that strikes me as not being in the spirit of GDPR. At the very least, the regulation states that for storage and processing of personal data, explicit permission must be obtained.

Will the World Change?

It’s unlikely that the world of IT will change overnight as a result of GDPR, and let’s face it, companies have been preparing for this event for years.

Yet the world at large is much better informed about personal data than it ever was before. With recent events around social media and how your data is being used (or misused) making the news, people are rapidly becoming aware of the implications of unfettered use of personal information. Because public understanding of the issue has improved, companies will face a tougher challenge in getting informed consent. And there are issues in just those two words.

Informed Consent

You can no longer just ask a customer to accept whatever you want to do with their data without explaining it first. As a business, you need to be clear about how you are going to process the data and you need to re-request consent if you ever change the ways in which you use that data. At the same time, you cannot expect users to read pages and pages of explanation in the hope they’ll just tick the “Yes” box and be done with it.

Informed consent also must take into account whose consent you are seeking. For example, a social media platform aimed at teenagers has a totally different demographic than a discussion group of legal professionals. It is not acceptable to use the same wording in both cases.

Informed Consent

Another challenge is that consent, once given, can also be rescinded by your user/customer. Yes, that’s right. Customers now have the right to contact you to say they no longer accept your terms. This is a little different to “the right to be forgotten.” In this case, for example, they might still want to remain your customer, but they don’t want to be on your mailing list any more.

Are You Prepared?

All this means, of course, that all companies should have been ensuring that they hold consent from their customers to store and process their personal data and that they have procedures in place to track that consent and to process any changes in the consent that has previously been given.

Data Recovery and GDPR

Before I close, I’d like to take a moment to remind you of the upcoming webinar from BMC on the subject of GDPR and data recovery. It’s on Wednesday, May 16, 2018 at 1 pm ET/12 noon CT/7pm European Summer Time.

Achieving recovery compliance under GDPR can be easier than you think—and it can also save you money in the long run. Find out how you can protect your business and stay one step ahead of auditors—register today!


These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

About the author

Phil Grainger


Phil has 30 years' experience of DB2, starting work long ago in 1987 with DB2 Version 1.2. Since then he has worked with all versions, including DB2 12.

From his beginnings as a DB2 DBA for one of the largest users of DB2 at that time in the UK, through his time at PLATINUM technology, his almost 10 years as Senior Principal Product Manager at CA and through to his current position with BMC Software, Phil has always been a keen supporter of user groups and is a regular speaker at both vendor-sponsored and independent events. His work with IDUG includes being a past member of the European IDUG Planning Committee, an inductee into the IDUG Volunteer Hall of Fame and now Board Liaison for BMC Software.

Phil has been honoured by IBM as an Analytics Champion from 2009 to 2017.

Phil is now Lead Product Manager at BMC Software working in support of their DB2 tools portfolio.

In addition, Phil is a regular contributor to the IDUG-sponsored DB2-L discussion list.