What has been done in practice for GDPR compliance in a complex startup incubator-like environment with many teams, many products and heavy usage of cloud services.
Understanding personal data processing, identifying missing agreements and assessments: defeating the nightmare of spreadsheets. Consents and objections management: finding a way to user friendliness and better conversion rates. Data filtering according to consents and objections: finding proper place to apply filters, heavy-lifting in the Data Lake, solving problem of decision checks in latency-sensitive applications in a distributed environment. ID Mapping — an exciting journey of user, subscription and device identifiers Data subjects’ right requests handling: automation — good, bad and ugly.
- Personal data processing is not unlawful, it just should be done right
- Practical implementation of the privacy protection can be tricky, but biggest difficulties are to understand what has to be done and how to do it in a meaningful way
- From the first glance law compliance can be boring and have no room for innovation. This is not quite true. Approach is the same as for any product development in the modern world — build a great team, learn personas you are working for, be agile, experiment