I've been at the Redgate office all week, broadcasting SQL in the City and meeting with product teams. Quite a bit of our focus is on the GDPR law, with enforcement beginning in May. We're building and enhancing tools to help you cope. That means I've been spending a significant amount of time trying to learn and comprehend the potential impact to data professionals, both to help guide customers, but also to ensure our software will help them ensure compliance in their data systems.
Over the last year I've seen lots of doom and gloom, everyone needs to fix their systems and ensure data can be deleted on demand concerns in the media over the GDPR. Ultimately I think there is work to be done for many companies in the EU or those that sell products and services to the EU, but we don't quite know to what extent we need to change existing applications and databases. Lawyers and solicitors will sort some of this out across the next few years, though I certainly think any data breaches in the next year will be dealt with more harshly by regulators if organizations haven't made any effort to secure their systems.
There are also some simple things that I think most of us should just do. When I first saw the addition of data classification in SSMS, it seemed fairly trivial. However, the more I've thought about it, this simple addition is a way of ensuring that I can easily spend a relatively little amount of time to just think about the information in a database. Just tracking this down can be a pain, and if the information isn't recorded in an easy to access format, it's easy to forget what items need our focus. Using Extended Properties is a great idea, as the information is kept with the database, but this means that a better interface than the table properties is needed. There are also a few potential problems doing things this way, but this is a good start to becoming better data stewards.
That's what we need. A few good starts. We need to see this as an opportunity to clean up practices and move forward in a way that shows us to be professional data professionals that take our responsibility for data security, accuracy, and usage seriously. This is a chance to move forward in a way that reduces our risk of losing data, of becoming the next "headline" corporation or government agency that makes a mistake. Instead, we can embrace this as an opportunity to find new ways of managing our data and extracting information while still complying with data privacy rules.
I read a white paper that talk about the challenges of IoT data in a GDPR world. There are issues to be concerned about, but this also means there will be opportunity for those that devise better data handling methods, that learn to clearly disclose their purpose and practices. I suspect most people realize that there is a certain amount of information that companies collect, and that if there is some value or usefulness that company gives back, we can accept their data storage. Where individuals often become concerned is when organizations move their data to other parties without their consent.
To me, this means it becomes more important for an individual company to understand and process their own data. There will be less movement of data between companies, and perhaps less ability to purchase and import data from others. We'll need to help our organization extract more value from the data we are allowed to hold, meaning those of us that are data professionals will become more important. At least, that's what I hope happens.