It's 5 Months since the introduction of GDPR and as predicted things have changed.  I remember in the lead up to GDPR people said it was like Y2K, there was lots of noise but it would make no difference.  That was mostly the vested interest, the list builders, the data scrapers, the spammers, the cold callers.

Since GDPR and the Cambridge Analytica situation on Facebook, most people have realised that we need to grow up about data.  Companies the size of Facebook, it would be wrong for me to name them, sought advice how to fix things and to date they haven't been hit by any scandal.  Not so sure you could say the same for Facebook.

We've seen stalwart companies like British Telecom hit by data breaches, I do wonder if it's really the business, of business, to hold people's data.  The Fines are going to be out of this world!  

This article does offer good advice as to some good practice in the way you might want to hold data, or you can take the approach that we have at DLA which is to delete any people data.  We deleted our email database for example.

The way I see it and I argued this with somebody on a webinar.  We have to assume it's our mother's data, her address, her credit card, her telephone number that's been leaked.  How would we feel about that?  But somehow or other, my details and email address can be treated differently?

It's time to grow up about data.  In fact maybe in the future the systems and services will turn inside out.  Rather than facebook holding the data (which places them at continual risk of fines) they give all the data back to us, which we hold.  We then offer that data out (like the example in this article) for payment.