I consider myself pretty clued in when it comes to my personal data. Knowing where it was was stored and deciding on how to share it. I would have also been of the impression that I have nothing to hide (and what I do want to hide, I won’t put online). I changed my mind today thanks to the GDPR and a fun experiment.
A fun experiment
It started out as a fun experiment. The Guardian had asked me to confirm my opt-in status (go GDPR prep!) and I browsed around some articles while I was there. There was one where the journalist described downloading her data from Facebook. My limited attention span got me to the part of the article on how it’s done (Go to your settings and you’ll see a link, it takes 2 minutes and 2 password confirmations). Off I went and I have a feeling her experience is similar to mine!
So much fun, all my photos from the past 10+ years in a handy download. The file arrived and I realised that Facebook also stores every single Messenger app conversation. I was surprised because I simply didn’t realise they do that. But, it’s still fun and I promptly shared the cheesy first messages between my husband and I with him. There are pokes from 2012 and my entire timeline. It’s like a scrapbook of my online life.
That’s where the fun ended.
Something to hide
I dove deeper and found a folder named files. There is my CV from 2014 complete with my address, phone number and full work history. And I realised, I do have something to hide. Not because it’s a “bad” thing but because it’s dangerous and frankly none of Facebook’s business.
Facebook gives you the option to delete Messenger conversations completely. And this is what I’ll have to do. I’m currently researching whether this means that the data is fully forgotten or whether it’s still stored somewhere in the background. I haven’t found an option to just forget attachments (anyone have any tips?).
Without my newfound data privacy obsession I probably would have never done this exercise. I always considered myself secure in what data I share about myself online. It makes you think about the lists shared by email (albeit locked, but still), the screen shares and other sensitive data we share electronically every day to run a business.
GDPR is being advertised to the public in Ireland, Denmark, the Netherlands and other EU countries to make the public aware. There isn’t a single business conference that doesn’t have at least one GDPR talk. More and more people will ask about their data and become more aware of what they have to hide.
To me, the legislation is about handling our data subject’s information with respect. Today, I realised that I need to be more mindful myself. Some things we have already adopted at BusinessBrew and will do more of:
- We stopped downloading data unless absolutely necessary.
- We increased our cloud sharing security with additional passwords and restrictions.
- We have ensured that we can remotely log out of every tool we use.
- We do not send emails with data attachments unless secured (email lists are not being emailed, instead we are using cloud sharing).
- We have cleaned up all past downloads and any files on our hard drives.
- We are in touch with all data processing tools we use to ensure that they will be secure by May 25th.