Two reasons companies may be defying GDPR: a calculated decision, and fear
From 9 to 5 Mac, Jan 21:
It was last week claimed that Apple was one of a number of tech giants which was failing to fully comply with Europe’s privacy law, GDPR. Other companies may be deliberately defying GDPR, it is argued today.
A new piece suggests two reasons for companies not complying with one
of the General Data Protection Regulation’s key requirements …
One of the rights granted to EU citizens under GDPR is that they can
ask for their data to be deleted, and it is this one which scares
companies, suggests TNW’s Amnon Drori.
The first reason might be a simple calculation that the data is worth
more than the likely fine for non-compliance. Although the maximum fine
is an eye-watering 4% of global turnover, the expectation is that this
would be reserved for the most egregious cases. Companies may take the
view that first they have to get caught, and then they most likely face a
much more modest fine.
But the second reason may, argues Drori, be more understandable: fear of breaking their IT systems.
Look at any database, and you’ll see two parts: the data
itself and the field name or metadata. If you take an individual
database, things are fairly straightforward—each field has a name, and
each field is input with data.
But what happens in an organization where several databases exist,
built by different people and used by different departments? […] Just
mapping their data and getting a full picture of what they have and how
it all interconnects is a Herculean task for most organizations—one that
many don’t have under control.
On top of that, there’s the additional problem of masked fields,
which obscure the field name in order to protect sensitive data, which
even some employees may not have clearance to know. When it comes to the
big picture of data organization, masked fields create an even bigger
mess, as identifying what’s in each field and how it matches to fields
in other databases becomes nearly impossible […]
...
MORE