Two reasons companies may be defying GDPR: a calculated decision, and fear

It was last week claimed that Apple was one of a number of tech giants which was failing to fully comply with Europe’s privacy law, GDPR. Other companies may be deliberately defying GDPR, it is argued today.

A new piece suggests two reasons for companies not complying with one of the General Data Protection Regulation’s key requirements …

Author Ad Placeholder
Will only appear on redesign env.

One of the rights granted to EU citizens under GDPR is that they can ask for their data to be deleted, and it is this one which scares companies, suggests TNW’s Amnon Drori.

The first reason might be a simple calculation that the data is worth more than the likely fine for non-compliance. Although the maximum fine is an eye-watering 4% of global turnover, the expectation is that this would be reserved for the most egregious cases. Companies may take the view that first they have to get caught, and then they most likely face a much more modest fine.

But the second reason may, argues Drori, be more understandable: fear of breaking their IT systems.

Look at any database, and you’ll see two parts: the data itself and the field name or metadata. If you take an individual database, things are fairly straightforward—each field has a name, and each field is input with data.

But what happens in an organization where several databases exist, built by different people and used by different departments? […] Just mapping their data and getting a full picture of what they have and how it all interconnects is a Herculean task for most organizations—one that many don’t have under control.

On top of that, there’s the additional problem of masked fields, which obscure the field name in order to protect sensitive data, which even some employees may not have clearance to know. When it comes to the big picture of data organization, masked fields create an even bigger mess, as identifying what’s in each field and how it matches to fields in other databases becomes nearly impossible […]

Without understanding how the data is mapped—or in the case of masked fields, what fields are being looked at—then it’s not necessarily understood what’s being deleted.

Deleting a field without knowing the web to which it’s connected could lead to incorrect reports, incorrect data, and a domino effect throughout a company’s entire system.

As for Apple, the company has a stated commitment to rolling out GDPR-standard privacy protections for all its customers worldwide. We haven’t yet seen any details for the allegation made against it, but we should learn more once the complaint is investigated.

Photo: Shutterstock

Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel



Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear