Many tech companies follow the “you build it, you run it” mantra - and for good reason. You want to empower your teams to build high quality services and solutions, and that means feeling the pain when things aren’t quite as good as they should be.
That responsibility also extends to managing the data your service generates. While you likely have SREs or DBAs who provide the database technology and ensure it is reliable and secure, management of the data goes beyond that. It’s about ensuring you store what you need, in a format that’s suitable, for as long as required. And if you’re storing personal data, then yes, that includes storing that data in accordance with privacy regulations, such as the GDPR.
I can almost hear your groan when I mention the GDPR! I used to feel the same, but I’ve changed my mind. It’s not a perfect regulation - far from it - and those cookie pop-ups are really annoying1. But if it’s achieved anything, then it has got both users and providers really thinking about the personal data that is stored and how that is managed.
If you manage personal data then you need to know some of the key parts of the regulation. That involves controls around who accesses it, and why. You will also need processes to ensure you are deleting data as requested or when it is no longer required.
This can sound like a lot of work, but it’s really not that bad when you break it down. Depending on your scale, many of these processes can be manual, and stay that way for a long time. Any new services you build will have these built in from day one, which is significantly easier than retrofitting to an existing service.
In the same way you feel the pain when you run what your build if you don’t follow best practices around monitoring, instrumentation, etc, you will feel the pain if you’re not managing your data correctly. The treatment is also the same. Invest in best practices, better processes, automation, and take pride in handling your customers data as if it was your own.
Cover image from Unsplash.
- Though really that’s on the implementers and their addiction to the invasive tracking data that cookies enable [return]