€20M+ fines and prison: General Data Protection Regulation (GDPR) is coming. What does this mean for DLM?

This session will be delivered jointly by Alex Yates and Pete Moore

Target Audience:

People who hold data about EU citizens (and who like not being in prison).


Do you hold data on EU citizens? If so GDPR applies to you.

From the 25th May 2018 all orgs that hold data about EU citizens (including US companies) must implement appropriate technical and organisational measures to ensure and demonstrate that they are compliant with GDPR. Those who fail will be liable for a fine of €20M or 4% of annual global turnover – whichever is GREATER. Also, prison.

Needless to say, as a professional who works with data it is wise to ensure that you understand GDPR.

DISCLAIMER: We are not lawyers.
Let me repeat: WE ARE NOT LAWYERS.

We are not qualified to give legal advice. However, we do know a thing or two about delivering software. In this talk we will bring your attention to the main aspects of GDPR and discuss some of the consequences this has on the use of production data and Database Lifecycle Management (DLM).

We will focus on technical problems that we need to address. You can (and should) hire your own lawyers to provide legal advice.

Why I Want to Present This Session:


Like most of us – I’m not an expert in compliance legislation. I am a database DevOps/DLM consultant. I like shipping updates, not reading legal documents. However, those law things impact my work.


Because developers like testing with production or “production like” data. If they don’t have realistic data people tend to utter the words “it works on my machine”.

So I’ve been thinking about how to support people to write and test SQL code effectively while attempting to stay compliant with the new legislation. I’d like to share what I have learned, from the perspective of a DevOps consultant, rather than that of a lawyer.

As I’ve said before – I’m not a lawyer, I don’t claim to be a lawyer, don’t sue me.


GDPR is scaring more people than it ought. This is because GDPR is the opportunity to, not only get your Data estate in order, but to requisition the funds to do so. Organisations that don’t take this seriously might get left behind. Ipso facto, those that do will lead.

I want to do this session because the GDPR is fair. Fair on the data subject (and whoever you are that means you) because their rights are made relevant. Fair on the organisation that gets to realise its data potential whilst jettisoning its Data dross. And, ultimately, fair on, you, the Data Scientist because their muse is made legal.

Pete’s Bio:

Data bloke. Keeps it simple. Gets it done.

In today’s world finding the information is easy, asking the correct questions of it: that’s hard. The single best way to ask the right questions is to look at your data. This is what I do: look at the data, ask the right questions, solve the right problems.
LinkedIn, Twitter

Additional Resources:

*Header image is shared under the CC0 1.0 Public Domain Dedication licence

Source: https://pixabay.com/en/cat-prison-animal-bars-look-1938461/

The following two tabs change content below.
Alex is a Data Platform MVP who loves DevOps. He has been helping data professionals apply DevOps principles to relational database development and deployment since 2010. He's most proud of helping Skyscanner develop the ability to deploy 95 times a day. Originally for Redgate, later for DLM Consultants, Alex has worked with clients on every continent except Antarctica - so he's keen to meet anyone who researches penguins. A keen community member, he co-organises the London Continuous Delivery meetup and SQL Relay. He blogs at workingwithdevs.com, speaks wherever they'll let him and manages the DLM Digest monthly email: a report on the latest database DevOps news/tutorials. He's quite fond of nutella. And otters. (Not together.)
Previous Post
A Deep Dive Into Data Lakes
Next Post
Cardinality Estimator on SQL Server 2014/2016

9 Comments. Leave new

Interesting! I would include a few links to GDPR basic info so folks can take a quick read and see if the session is relevant for them.


Definitely an interesting topic. With abstracts there is a gradient between cute and dry/clinical. I think this one learns a bit too much on the cute side. It’s not until the last 3 sentences of your abstract that we get to the meat of your talk. The meat should start in the first 3 sentences. We get right away that it’s about GDPR, but it’s important to know what your talk will cover specifically, and perhaps your approach.

Your second paragraph is a bit of a run-on sentence and definitely needs some commas. If your paragraph were code, it would look like this:

From the 25th May 2018
who fail
to implement appropriate technical and organisational measures
that ensure and demonstrate
that they are compliant
will be liable for a fine
of €20M or 4%
of annual global turnover – whichever is GREATER.

There is a lot of complexity in that sentence right now.

Otherwise it looks good!


I’m a developer and I don’t like testing with production or production-like data; it leads to fragile tests, slow feedback cycles, and, as you allude to, risk of data loss or leakage.

And “works on my machine” is generally a product of manual configuration differing between environments rather than anything to do with test data.

Gudjon K Sigurdsson
July 25, 2017 9:21 am

With this 2018 deadline looming over us I would be very interested in this topic.
Would love to hear your take on application level encryption vs database level encryption.


I would like to see this one fly. We have large telecom in EU using our platform. I can foresee some ’11th’ hour requests coming our way next spring 🙂


We work with banks (staff training/monitoring regulations side, not with the money, but our services still have call to touch customer data) so GDPR is something we are acutely aware of, as our clients could be significantly affected by it and can’t afford for us to screw up on their behalf.

A lot of people in dev / devops / DBA arenas either have absolutely no idea that GDPR is coming or don’t appreciate how wide its reach could be so a good introduction/summary session sounds like a very useful idea.

Too many people give data safety little more than lip-service, despite the many leaks in the news in recent years, GDPR will hopefully scare them into correcting that before it is too late.


Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.