The great GDPR rush is now, more or less, over. The email torrent reduces to a trickle and we have a chance to reflect on what it all means!
Last weekend I spent a number of hours dismantling the 30 or so hard drives that I've had stashed in a box in the office. These represent all of the computer upgrades that I've done since I started building PCs from components in about 1994(ish). Every obsolete hard disk was saved rather than binned because I couldn't quite figure out what to do with them - and so a huge store of data mounted up on my shelf.
The new GDPR regulations have pushed me to look at all of the data in our company and actually deal with it! So last weekend saw me with a screwdriver and a hammer destroying hard disk platters and cutting up old DVD backups. It was a lot of history to destroy - and of course, I've kept some, the hard discs from my first proper music recording PC for example. After my death historians will pore over the contents with wonder at the genius that went unrecognised during my lifetime! I've also got a complete backup of the company files from 2012, which I'm sure will come in handy one day. But the bits I've kept are in the safe, so that's OK.
Old hard disks have been mechanically destroyed, but newer serial ATA disks have been securely erased by overwriting the whole disc sector by sector, so these are now decontaminated and safe for future use.
What we have now is a state where we have more respect for data, a new beginning in how we treat information. We can't chuck it about willy nilly, it has to be stored and catalogued and after a time, destroyed. If we have an individual's personal data we have to be able to at least anonymise it if not destroy it securely. Some aspects of this are technically problematic, but the principle is good.
Respect the data!