What is GDPR, everyone’s (current) favorite acronym? It stands for “General Data Protection Regulation” and is an act / law / set of laws that governs the collection, retention, and use of personal information for EU (European Union) and UK citizens. It’s the topic “flavor of the month” due to it going into effect on May 25th, 2018.
I am not going to try to explain GDPR. If you would like to learn more about it, I have included links to various resources below.
Now, regarding who is responsible for this data, especially with respect to the “Right to Erasure” (a.k.a. “the right to be forgotten”) which grants individuals the right to have personal data erased, I could not help but think of the “bank run” scene from “It’s a Wonderful Life” (1946). In this scene, a group of people are in a panic and want to withdraw the money that they have deposited in the main character’s savings and loan. The main character, George Bailey (played by Jimmy Stewart), explains to everyone that just because they deposited their money in that savings and loan doesn’t mean that the money is currently there. Most of the money has been invested elsewhere (in the form of loans).
Along those lines, I was imagining how some conversations with admins (database or system) might go when asked about EU / UK customer data. The following is an image from that “bank run” scene — re-imagined as “It’s a Wonderful Regulation” — that plays in my head when I think about how I might be affected, or how others (a few at least 😉 ) might react:
Click here to see the Simpson’s spoof of this “Bank Run” scene (on YouTube)
(Moe: “What’s my data doing in your database, Facebook?”)
- GDPR Portal
- Questions About the GDPR That You Were Too Shy to Ask
- GDPR – A guide for the perplexed (explanation by David Poole)
- GDPR: Why We Stopped Selling Stuff to Europe (reaction from Brent Ozar)
- What is GDPR?
- GDPR Legislation: What Senders Need to Know (54 minutes — 33 minute presentation + 21 minute Q&A — hosted by SendGrid; and/or scroll down to the Additional Resources section for links to the slides and two blog posts)
- Info for organisations
- Getting it right: A brief guide to data protection for small businesses (PDF)
- Data protection: Frequently asked questions and answers about relevant
filing systems (PDF)
- Guide to data protection
- Determining what is personal data (PDF)
- Determining what information is ‘data’
for the purposes of the DPA (PDF)
- Collecting information about your
customers – small business checklist (PDF)