18
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 30 Dec 2024
18 points (100.0% liked)
TechTakes
1568 readers
352 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 2 years ago
MODERATORS
I remember during my very very first job a security guy explaining to me why I can't record work emails of people borrowing stuff from the company's internal library because GDPR. In a company of like 100 people. I guess Google is too big to care.
It's the same feeling as when it's reported some guy was able to defraud literal millions from public funds while I had to separately report and bring a receipt for the $5 I spent on a city bus while out on a business trip because it was funded from a public grant or I'd get fired and sued, in that order.
I'm not a gdpr person (nor even european) but this sounds like bullshit - was it?
I simplified , but:
The problem is that if someone leaves the company you should delete all of their PII you don't need for compliance reasons. The emails were firstname.lastname@company.com, as is usual, so it was PII. So if someone borrowed something from the library and that record stayed in the database, when their company profile got deactivated we would've had to have a flow that deleted that row or at least anonymised it. Needless to say, this was a minor side project with a time budget of one month, so we just ended up not storing any PII in the first place instead of bothering with archiving and removal.