Jon Collins on the General Data Protection Regulation (GDPR)

Episode 61 · February 5th, 2018 · 50 mins 29 secs

About this Episode

“It’s quite good to see GDPR as an evolution, not a revolution.”

The EU is rolling out a huge privacy data regulation policy this Spring, the General Data Protection Regulation, or GDPR. If you do anything with “customer data,” you should probably at least take a look at it. Companies like Facebook and others who use customer data to work with third parties are gonna have GDPR all up in their grills. In this interviews episode, we talk with Jon Collins who’s been writing about GDPR of late from his perch in the UK. Jon’s an excellent analyst and always has incisive takes on enterprise IT related matters, as well as music (sadly, not featured in this episode).

You can now buy Software Defined Talk t-shirts and fill out the contact form with your mailing address if you’d like some free stickers!

Brandon Whichard, Coté, guest Jon Collins.


  • Putting people on the line for data handling problems.
  • Defining legit use for data: like updating on products bought, recommending other things to buy based on past buying. But, when it comes to holding you’re kid’s interest and other creepy thing, stuff comes into effect. Can’t hoard data now, have to justify why you’re doing it at least.
  • So, sort of: if a third party gets ahold of the data, you need to spell out to the end-user what the data is and how it’ll be used.
  • They started thinking about GDRP in 2005; it’s taken then 12 years for them to come up with this.

Jon on GDPR, and more

  • “GDPR, a topic about which I feel strangely sad [about]”
  • Summarize it - ensure data can be encrypted, provide data on-demand, notify of data breaches (but just in unencrypted?), appoint CDO, somehow describe policy to end user (is this a set policy or can organizations differ it?), data must stay in EU (unless protection stuff is done off-shore)
  • How’d this come about?
  • “IT professionals expect that compliance with GDPR will require additional investment: over 80 percent of those surveyed expect GDPR-related spending to be at least $100,000.” (Book of all knowledge)
  • In use: “Facebook needs to ask people if it can use status posts as input to its advertising engines, whereas Google does not need to know someone is — its AdWords algorithms generate information based on search requests, location and so on, without being personally identifiable.”
  • Meanwhile, “we will consent to have our privacy even more eroded than it already is.” What exactly should we care about with data privacy: how does an individual think through what Facebook does, Axcion, Target, the government, foreign governments, etc. - aka, Jon vs. The McNealy Privacy Principal (it’s dead, get over it).
  • Generalizing to Jon’s five rules of cyber security.


Credits: header image from warrenrandalcarr.

Episode Comments