So today I attended a conference on GDPR; I will write more about it in the future.
But in a nutshell this affects any company that wants to hold data on EU citizens, so basically anyone. Oh, and it stays even after Brexit.
I won't go into full details in this post about how it works, but it has some interesting points that may prove to be impossible to meet as a DBA.
Right To Be Forgotten
One of these is the right to be forgotten. This seems simple enough: just delete them from the database. But no... this includes all backups, archives and BI data. How can a DBA be expected to remove data from an old backup, especially if that backup is on tape?
Another is data portability. This is similar to the current DPA in that a data subject can request data on them, but differs in that it states that a "structured, commonly used and machine-readable format" must be used. My guess is CSV would cover this.
Retention of data
Retention of data is also mentioned. Like the right to be forgotten, data must be erased after a set period of time. No real time limits seem to be mentioned, but it's suggested this is after the data subject's data is not useful. This again could be a minefield to manage.
This is an interesting one: the suggestion is that data held about the subject should be easily accessible. Again, hard work. Would this then need to be viewed over the web? If so, that would put the data at more risk.
It's all interesting reading. Watch this space for updates.