Like several of the regular visitors to this blog, I have spent a lot of time recently learning all about GDPR. When I say "several" I mean, of course, the tiny minority of you who have Grown-Up Jobs. Most people coming here are, I assume, groovy young hepsters who spend all their time listening to "Pod Casts" on their interweb walkmans while roller-skating to the local "Pop Up Shop" to buy wax for their gender neutral moustaches, but I suppose some of you must be as OLD as me. You know, in your mid-thirties ish.
ANYWAY, like those people I have recently been thrown into a series of webinars, blogs, instruction pamphlets and COURSES all about GDPR which comes in in a few weeks and has, apparently, only just been announced so that nobody knew about it, say, two years ago nor had any other time to prepare. As far as I can see it can be summed up in one of three ways, thus:
Like The Data Protection Act, but more so.
You've got to tell people what you're up to.
Don't be a dick with other people's information.
(I am available for in-depth web-learning sessions).
In order to learn all of this AGANE I went to an ALL DAY event at one of the UK's leading Data Archives last week. I actually quite like repeatedly being told the same thing in this way, as it means I eventually REMEMBER some of it, but I was somewhat surprised to find, as the day progressed, that I appeared to be a GDPR EXPERT compared to some of the other people there. The course was for Research Data Managers, like what I am now, so you might have expected everybody to have at least a certain level of knowledge, but GOODNESS ME no.
Not only were some people not up to date with current thinking, they were not up to date with approx the last TWENTY YEARS of legislation, and were very keen to point it out. At one point, when talking about VERY VERY BASIC levels of Good Practice someone raised their hand and SCOFFED, as if highlighting a particularly ludicrous example of PC Gone Mad, "Surely you don't expect us to lock our computers every time we leave the room to go to the bathroom!!!"
The course leader looked AGHAST, but MANY other people nodded earnestly, as if that was precisely the kind of silly nonsense that professionals like them were having to deal with all the time. Another person - who, judging by his Loud Confident Tone Of Voice had trained as either a MEDIC or a Conservative MP - stoutly defended the practice of bunging all and any data on any Cloud system he saw fit to. "It's like using a bank," he said. "I put my money IN the bank, they use it how they see fit, loaning it to other people, and then when I need it I take it back. Why shouldn't I do that with my research data*?"
(*i.e. sensitive information about other people which he had collected).
The whole day was an extreme exercise in self-control, both for the course leaders who managed not to STRANGLE anybody, and also for ME, although I did at one point VERY NEARLY SHOUT at the aforesaid over-confident data spreader. I returned home EXHAUSTED from it all but, I must admit, with a new found sympathy for the many many courses and Explanatory Documents that I've been wading through lately. It turns out some people DO need telling!
The number of times I've had to advise people that storing on non-approved cloud storage is not really a good idea is scary. Education get hit hard with data protection fines (look up Greenwich and Glasgow examples - case in point.)
I suspect the course leaders would have had total *headdesk* moments with some of the participants. It's not even disobeying your local BOFH, it's the law, people.
posted 8/5/2018 by Warren