In recent months, many of us have had to deal with the EU GDPR. The aim of the new European General Data Protection Regulation is to protect personal data – first and foremost with a view to the large global data collectors such as Google and Facebook. A laudable goal in itself. However, during practical implementation in the company, I got the impression that the regulation clearly overshoots the mark.
Software programs in which email addresses or names of users are stored must be analyzed at great expense to ensure that no unauthorized person can access this data. Data processing agreements go to all software providers who can access their software installed at the customer’s premises for maintenance purposes and can therefore also access this user data. What modern software doesn’t do this?
Every small tradesman, every association must draw up a data protection concept, identify its deficits, implement and document security measures and appoint a data protection officer. Websites have to display stupid warnings about cookies, as if every sane website visitor didn’t already know about them. Pages of information on data protection, which nobody reads or hardly understands anyway, must be made available with a simple click. I can hear the laughter outside the EU as far away as my office.
Most of the personal data stored in address management systems, for example, is fairly banal information: postal addresses, telephone numbers, fax numbers, email addresses. Many users also release this data in the various portals anyway. And at least in Germany, contacting private individuals for the purpose of advertising by telephone or fax is not permitted anyway. Contact by email is not really necessary either and the latter can be easily canceled by reputable senders – the dubious senders do not adhere to any regulations and rules anyway. Or do you have the impression that the flood of spam has decreased since May 25, 2018?
Is such user-specific banal data really worth protecting? If this low-threshold data had been excluded from the EU GDPR, 95% of companies would probably only have been affected in the HR sector, where data is generally handled with care. It seems to me that the main thing at play here is Luddism. Fundamental mistrust of new developments has never helped to push them back, but it successfully contributes to hindering one’s own competitiveness. Let me remind you of Google Streetview, which is hardly available in Germany because a small minority of overanxious people have pushed through their excessive data protection rights. Conversely, I allow myself the heretical question of whether more data transparency with this low-threshold data would not be better in some cases: if all users of internet platforms and email traffic were clearly identified by means of a postal identification procedure, there would be fewer smear campaigns, cyberbullying, shitstorms and presumably also fake news.
Nevertheless, the EU GDPR also has a good side. The data protection measures also fulfill their purpose in many places and contribute to data security. There is indeed a need for action here to ensure that our Industry 4.0 efforts do not fall victim to hackers.
Image rights: wattblicker / pixabay