Meanwhile, there are projects at three different customers in which I was massively confronted with the consequences of the GDPR for the development and operation of IT systems.
The positive aspect that the personal data of customers and employees were generally no longer handled so carelessly was quite evident.
The negative aspects were the cementation of existing and obsolete structures and the obstruction of new technologies. For example, the data storage in a lambda architecture was cleaned of all personal data, which significantly reduced the value of the system.
The organization did so despite of the fact that one could assume that the processing of the data would have been in the interest of the customers whose data were stored there.
As a further consequence, the outdated GDPR system was not replaced, but continued to operate alongside the „castrated“ new system. At the cost of significantly higher operating costs.
Elsewhere, with reference to the GDPR, the testing of a system with real data was prohibited. Even after reference to the subsequent deletion of the data after the tests carried out under supervision did not lead to a rethinking of the compliance officers.
The tests were therefore carried out with artificially generated test data. This ultimately led to incorrect processing of the data in the production system and corresponding losses.
It looks as if the GDPR is a programme to protect European companies from too much progress and digitalization.