GDPR, clear guidance?
Two years ago on May 25th, the general data protection regulation or GDPR went into effect in the EU. It has been stretching the patience of nearly everyone involved, but also created a sense of urgency around data protection rarely seen before, says Tobias Gerlinger, CEO of ownCloud. Yet for many organizations it remains frustratingly elusive to judge which platforms, products and services comply with GDPR. Clear guidance from data protection commissioners could help clear things up for those in the market for software that stores and processes relevant user data.
Terms such as data portability, privacy by design and privacy by default were previously only known in specialist circles. Today, the vast majority of decision-makers in companies and organizations can make use of them.
Comprehensive, dependable list of platforms needed
In one recent example, Office 365 was judged to be fit for use in schools of the German federal state of Hesse only if any transmission of diagnostic data to Microsoft is prevented by administrators. Such band-aid solutions put an undue strain on IT departments. Schools as well as companies and other institutions need a thorough, comprehensive and dependable list of platforms, products and services deemed in compliance with GDPR by state and federal data protection commissioners.
This is not only in the interest of consumers whose personal data is at stake. It’s also a question of justice.