Europe’s tough new data-protection law

The GDPR is prescriptive about what organisations have to do to comply. They have to appoint a “data-protection officer” (DPO), an ombudsman who reports directly to top management and cannot be penalised for doing his job. They also have to draw up detailed “data-protection impact assessments”, describing how personal data are processed. And they have to put well-defined processes in place to govern the protection of personal data and to notify authorities within 72 hours if there is a breach. Companies that persistently ignore these rules face stiff fines of up to €20m ($25m) or 4% of global annual sales, whichever is greater.

The Economist - The Real Technology Problem

It'll be interesting to see how the GDPR will work in reality, but it's definitely a step in the right direction. The latest Facebook / Cambridge Analytica breach is a great example of something that would have been avoided with a set of rules and regulations in place.
