We were discussing implications the other day. We supply software to companies who then store personal data. In order to investigate specific issues we often have to go onto their machines and view the system since so many issues are data dependent. But having done the in-house training the other day (which was still pretty WTAF at times) it feels like that means ever customer of that company has to explicitly say it’s okay for us to see their personal details.
I believe the latest version of our software does as much as it can to allow our customers to obey GDPR but part of the issue is that while we can easily hide personal details onscreen at an individual level, encrypting data on the database itself requires a lot more coding so I’m not really sure what is happening around that. Moreover it takes AGES to upgrade software so in the meantime it feels like there are going to be a lot of laws broken
Hopefully I’m just worrying overly about this.