A few weeks back I wrote an article for the British Computer Society (BCS) on GDPR compliance and the potential under-utilisation of IT professionals in GDPR compliance programmes.
Some of the key areas in which IT professionals could get more involved include:
- enhancing the technology behind privacy notices on websites, mobile devices and IoT devices, such as through the use of appropriate XML scripting
- developing a seamless, secure online mechanism for obtaining "explicit consent" that has the property of non-repudiation
- helping with the risk analysis process, utilising skills from information security risk analysis
- "upskilling" to gain privacy qualifications
- using software engineering concepts and methodologies to implement "privacy by design" and "by default"
Find out more via the BCS website article.
What can IT professionals do to help?