Do we really have nothing to hide? GDPR is an eyeopener

Evelyn Wolf by Evelyn Wolf   13 Mar


GDPR Facebook

I consider myself pretty clued in when it comes to my personal data. Knowing where it was was stored and deciding on how to share it. I would have also been of the impression that I have nothing to hide (and what I do want to hide, I won’t put online). I changed my mind today thanks to the GDPR and a fun experiment.

A fun experiment

It started out as a fun experiment. The Guardian had asked me to confirm my opt-in status (go GDPR prep!) and I browsed around some articles while I was there. There was one where the journalist described downloading her data from Facebook. My limited attention span got me to the part of the article on how it’s done (Go to your settings and you’ll see a link, it takes 2 minutes and 2 password confirmations). Off I went and I have a feeling her experience is similar to mine!

So much fun, all my photos from the past 10+ years in a handy download. The file arrived and I realised that Facebook also stores every single Messenger app conversation. I was surprised because I simply didn’t realise they do that. But, it’s still fun and I promptly shared the cheesy first messages between my husband and I with him. There are pokes from 2012 and my entire timeline. It’s like a scrapbook of my online life.

That’s where the fun ended.

Something to hide

I dove deeper and found a folder named files. There is my CV from 2014 complete with my address, phone number and full work history. And I realised, I do have something to hide. Not because it’s a “bad” thing but because it’s dangerous and frankly none of Facebook’s business.

It came to me how it got there. I had shared the CV with a friend for her feedback and as we communicated using Messenger it got stored. I’m pretty sure that it’s even totally above board and in line with the privacy policy (if I had properly read it). The issue here is that I didn’t realise that the data was stored and am now aware how easy it would have been for anyone hacking my account to get some very personal data belonging to me.

Facebook gives you the option to delete Messenger conversations completely. And this is what I’ll have to do. I’m currently researching whether this means that the data is fully forgotten or whether it’s still stored somewhere in the background. I haven’t found an option to just forget attachments (anyone have any tips?).

GDPR eyeopener

Without my newfound data privacy obsession I probably would have never done this exercise. I always considered myself secure in what data I share about myself online. It makes you think about the lists shared by email (albeit locked, but still), the screen shares and other sensitive data we share electronically every day to run a business.

GDPR is being advertised to the public in Ireland, Denmark, the Netherlands and other EU countries to make the public aware. There isn’t a single business conference that doesn’t have at least one GDPR talk. More and more people will ask about their data and become more aware of what they have to hide.

To me, the legislation is about handling our data subject’s information with respect. Today, I realised that I need to be more mindful myself. Some things we have already adopted at BusinessBrew and will do more of:

  1. We stopped downloading data unless absolutely necessary.

  2. We increased our cloud sharing security with additional passwords and restrictions.

  3. We have ensured that we can remotely log out of every tool we use.

  4. We do not send emails with data attachments unless secured (email lists are not being emailed, instead we are using cloud sharing).

  5. We have cleaned up all past downloads and any files on our hard drives.

  6. We are in touch with all data processing tools we use to ensure that they will be secure by May 25th.

  7. We have updated our privacy policy to include how to be forgotten and how to access any data that BusinessBrew might hold about you.

These are just the first steps and we will continue to evaluate our own privacy so that no BusinessBrew client or prospect is ever surprised about the level of data we hold. A good first step for you to do as a business is get to work on your privacy policy. Do you communicate clearly in wording your audience can fully understand what data you hold, for how long, why and how they can be forgotten?


Topics: GDPR

Evelyn Wolf

Written by Evelyn Wolf

Inbound strategy specialist and content creator. She will turn your web presence into a magnet and always has wind in her sails.