DevOps.com

DevOps to the Rescue as GDPR Deadline Looms

By: B. Cameron Gain on April 12, 2018

The stakes are high: Organizations failing to comply with the European Union’s (EU) strict General Data Protection Regulation (GDPR) face fines up to 4 percent of their annual revenues or €20 million ($25 million), whichever is greater.

But while the threat of what happens if organizations ignore the mandate when it takes effect at the end of May is clear, how DevOps teams will lay the groundwork to comply is less cut and dried.

At the same time, DevOps can allow organizations to meet the regulation in an agile and relatively quick way by integrating the working efforts of an organization’s stakeholders, IT operations, QA, InfoSec and development teams.

“GDPR is the new boogeyman in tech, kind of like Y2K was years ago,” said John L. Myers, an analyst for Enterprise Management Associates (EMA). “Ideally, all of this will be handled with automation and DevOps.”

The Right to Disappear

An especially strict GDPR provision is any individual user’s right both to opt out of having their data collected by a private enterprise and to be forgotten. The so-called “Right to Erasure” provision gives EU-based individuals the right to demand the removal of access to their personal data on an organization’s servers, either on-premises or in the cloud. An individual’s right to have personal data “forgotten” also applies to personal information an organization may communicate to third parties.

“The challenge lies with tracing personally identifiable information spread across multiple platforms, including third parties and CRM, ERP, payments, ordering, etc.,” Myers said. “Most organizations don’t have that level of visibility and transparency.”

The challenge is thus understanding where all the instances of a person are within a data landscape, he said. If an individual in the EU decides to be forgotten and to opt out, an organization must know all the places where that person is identified within data management platforms and files, such as spreadsheets. For organizations that have a relatively small number of places where they store data, the process is easier, of course.

However, there is one important footnote in the right-to-be-forgotten provision: Organizations do not have to actually delete personal data and records if individuals choose to be forgotten, Myers said. Rather, DevOps can encrypt their information, allowing organizations to keep transactions, customer counts, inventory, etc., but without identifying the individuals. DevOps also can be used to rapidly deploy code and processes to validate requests to be forgotten and to “unforget” individuals who later opt in.

“With encryption, DevOps keeps one key for the company and sends or stores the other key for the EU individual in case they change their mind,” Myers said.

However, using DevOps to automate compliance might be delayed in some cases, as organizations may first have to improve their data inventory management practices to better visualize the often-various places where individuals’ data is stored, Myers said.

“Without an inventory of all the ‘wheres’ of customer, partner or supplier data that might be listed in the various data platforms, it will be difficult to automate out of the gate in May or even June,” Myers said. “As organizations get a better understanding of the inventory of their data landscape, they can add DevOps automation to the process. But at the earlier stages, it might be a manual process that is monitored, managed and standardized so that DevOps can take over and make it a reality.”

Some Good with the Bad

Discussions about GDPR tend to focus on the associated pain and potential costs organizations face to meet the mandate. But with every change comes opportunity. With respect to the GDPR clause giving individuals the right to be forgotten, for example, DevOps will have the freedom to deploy code and processes to boost their organization’s transparency for individual data storage, both in-house and for what third parties access.

“Having this inventory or visibility into all the components of a data landscape is a key for digital transformation,” Myers said. “Companies can use it as a good reason or excuse to move toward a more standardized and transparent environment that will accelerate those initiatives.”

Some DevOps team members may also take pride in knowing that achieving GDPR compliance could arguably be a step in the right direction toward improving data protection for the common good of society.

“There is the issue with actually securing the data that is collected to keep others from obtaining and exploiting it. Since identity theft is a raging problem, protecting personal information is paramount,” said David Monahan, an EMA analyst. “If we had usable federal legislation in the U.S. like GDPR, we would have had a much likelier outcome of Equifax being severely fined or even closed down for its poor data-protection practices. Credit bureaus are predatory when it comes to data, and since individuals have no right to refuse collection, all of that information is bought and sold without our consent.”

— B. Cameron Gain
