As I have mentioned in passing, it is my firm belief that an essential part of GDPR compliance is documentation. If your documentation is sketchy, out-of-date, or vague (consisting, say, of emails and slideshows), how will you show that you have privacy by design, and that you enforce and verify this requirement at every stage in the development process?
Once you’ve created all these documents, how will you find what you’re looking for? Have you ever wasted time trying to find information among hundreds of files in a shared folder or SharePoint? If so, you already know that these tools have limited ability to search inside of documents.
One way to become familiar with the legislation is to read it from beginning to end. Consisting of 88 pages of PDF and over 55,000 words, the GDPR is not a fast read. Nor, having read it, are you likely to hold it in your head. What if you could skip to the parts that are most interesting for you? This post suggests a simple approach to doing just that.
Should versus shall
Sitting down to read through the GDPR is not a casual undertaking, but initial skim-throughs left me wondering about the word ‘should’, which one encounters often in the text of the legislation. It seemed odd to me that legislation should merely suggest behaviors and outcomes; I had assumed that legislation is a recital of what you must (or must not) do.
It might be useful to compare the frequency of words like ‘should’ and ‘shall’ (known to English grammar as modal or auxiliary verbs) in the GDPR in order to understand the intentions of its creators. What are they trying to convey with their use of these different modal verbs?