This is not a blogpost, which is why it appears to be published on Unix Epoch.
Here are my occasionally-updated notes on the GDPR and the other legislation in the growing family. Why keep private notes when all the world can keep them backed up for me?
Official English text of the legislation , Text Francais
The most important thing about all of this is that neither a pure lawyer nor a pure technologist has the knowledge alone to be a GDPR specialist. Nor even a lawyer+technologist, because in addition there needs to be skills in the fields of privacy and computer science.
My Analysis of Automation of GDPR Article 28 Contracts . These mandatory contracts are surprising at first, in fact I didn't understand their significance for a long time. But they are detailed, mandatory and must be implemented.
French text as adopted into French law: for now this is a messy set of patches to existing French privacy law that will be replaced with a single piece of legislation "as soon as possible". The GDPR text from the EU is required reading, because for some time the French law will be this unreadable patch set.
Practical tricks to reduce the problem space in companies include creating internal search engines that index absolutely everything, and scrutinising documents on every File/Open and File/Save.
Penalties in France: The French recourse is potentially much tougher than in some other countries because groups representing individuals can bring a case and be awarded damages. (That was not how the January 2019 Google fines arose, that was the CNIL giving a straightforward penalty.)
CNIL: Compared to the UK and some other countries, the CNIL is less central so that Data Protection Officers have even more responsibility than they do in the UK.
English is Insufficient: I read this question about GDPR unstructured data as part of my own investigations on the topic, and found it confusing. It seemed quite plausible, because Recital 15 in English can feasibly be interpreted to say that unstructured filing systems are exempt. However, the German and Dutch and (to my mind to a lesser extent) the French text make it clear that this can only be physical files.
I like this post. I was searching about GDPR Compliance over search engines and found your post and it really helps thank you very much.
ReplyDelete