What GDPR Means for Application Teams

You’re likely aware of the European Union (EU) General Data Protection Regulation (GDPR) that strengthens the rules regarding user data and privacy. This regulation applies not only to data processors operating in any EU member country, but also to non-EU companies that process data concerning EU citizens. Given the global nature of modern commerce, the potential impact of GDPR is far-reaching.

I will refrain from going into yet another “Myths or Facts about GDPR” post, as such an approach is often aimed at creating fear, uncertainty and doubt (FUD). Instead, in this post I’ll focus on what GDPR compliance means from an application development team perspective.

Data Owner Rights under GDPR

GDPR lists several actions that can be taken by a “data subject” (i.e., customer) with respect to his or her personally identifiable information (PII) that is persisted in a storage medium hosted or controlled by a service provider. In so doing, GDPR makes it clear that the data subject is the owner of his or her personal data.

With respect to the rights of a data owner, GDPR requires organizations that come under the law to have the following policies and processes in place when it goes into effect on May 25, 2018:

Right to Erasure — The...

Data Breach — Fix the problem, not the symptom

By now most of us have grown accustomed to reading daily news about data breaches impacting organizations of all types and sizes. Usually we read with the intent of understanding the cause and effect of a breach, but in some cases we are personally affected. Collectively (and justifiably) we judge how swiftly an organization communicates, fixes and mitigates the damages of a breach.

Breaches come in all shapes and forms. Over the past 10 years, David McCandless at Information is Beautiful has done a fantastic job curating the occurrence and scope of data breaches affecting organizations.

World's Biggest Data Breaches & Hacks - Information is Beautiful

Take a moment to explore this bubble chart. It is almost certain that your personal data was compromised as a result of one or more of these breaches.

And here is the data behind this visualization in spreadsheet form, which may give you yet another perspective on the scope of the problem.

Information is Beautiful: Data Breaches (public)

Data never rests. In fact, about 2.5 quintillion bytes of it is created daily. Data has definition, taxonomy, a point of origin and one or more destinations.

Let’s illustrate a typical data lifecycle from the standpoint of an online...

Shiftleft — Notes on a journey

Do you remember what life was like before Google Maps?

Often you had to plan your trip using printed maps, marking destinations and points of interest using a pen. Then inevitably, all your effort was for naught when you hit peak traffic or major construction and had no idea how to work around it. Those were the dark days indeed. Enter Google and Apple Maps, in the palm of your hand, under your complete control. If the idea of using a physical map today seems like a bit too much work, blame it on your electronic navigation system. About 4 out of 5 drivers confess to the inability to navigate without electronic guidance systems. As a consequence of technology, printed-map reading today is an acquired skill.

With the advent of Waze, we have real-time crowdsourced traffic powered by a community of users. Waze tells you when you should leave, while taking into consideration things like expected traffic conditions, alternate route suggestions, aggregated traffic history and more. Soon, level 3-5 autonomous vehicles can switch routes using Waze’s decisioning algorithm in order to avoid traffic congestion, and commutes can become increasingly automated.

Switching gears, the entire infrastructure powering intelligent...