Andy Hibbs

GDPR - Ostriches with our heads buried in the sand?

Discussion created by Andy Hibbs on Dec 5, 2017
Latest reply on Mar 20, 2018 by DonCollier

I find it incredible that searching on GDPR (General Data Protection Regulation) within this forum provides 3 results. These new regulations being introduced by the European Parliament will take effect on 25th May 2018, leaving us with less than 6 months to comply.


This will affect not only people within Europe: anyone working with information relating to EU citizens will also have to comply with the regulations.


The headline that gets most attention is that the maximum punishment could be €20 million or 4% of global turnover.


The difficult thing is that, although the laws have been written, it isn't easy to establish what the actual impact will be on each organisation. The only sure thing is that it is going to cost us all money and that legal fees will increase.


The 'Preparing-for-the-gdpr-12-steps.pdf' from the ICO (Information Commissioner's Office) is attached to this post, which some may find useful. But, as John Renfrew suggested in the ideas section a while back (which now has 7 votes), this should be an ideal forum for the various types of FileMaker developers to compare notes. We provide both cloud hosting and hosted vertical market solutions. How does this affect us in comparison to the more traditional FileMaker consultant? Like us, are you being asked GDPR-related questions by your customers and, if so, how are you responding?


Junior Verreijt-Nielsen gave a very energetic session at the Scandinavian Dev Con, which raised as many questions as it answered, and that is pretty much where most of us are at.


From a personal point of view, having managed FileMaker Servers hosting encrypted files, I find that something as simple as whether all hosted data is to be encrypted puts the fear of the almighty in us. With a number of servers and a few hundred files, this would require a full-time employee to manage, just entering passwords. If you don't believe it, try putting a few encrypted files on a server and attempt to open all of them. Yes, you can save the passwords one at a time, but they don't stick, particularly after a separated solution update. Is it even viable for an SBA to use FileMaker Server for a large number of files?


We're creeping towards the commitment we have to make to GDPR. We are receiving enquiries from our customers, but equally we're trying to make those who have not heard of it aware, and there are plenty of them. As ever, it is the small businesses, our traditional market, who don't have the resources to dedicate to this, and it is another regulation headache they have to comply with. Thankfully we have some traction, because some of our customers are regulated by the FCA, so steps such as security risk assessments already exist.


Can we use this forum to clarify some of the scarier stories doing the rounds, such as the 'right to be forgotten' requiring data to be removed not only from a live system but from every backup ever taken and stored? How will this affect our terms and conditions? Are there any checklists or templates out there we can use to gradually tick off our route to 25th May?


Are we the only ones here not ready yet? Once again, more questions than answers. Over to you.