I’ve written previously about GDPR, thinking out loud about running an event called OMGDPR – a community run, unconference to explore the changes to the industry it’ll bring about. In this post, I introduce the event publicly and explain why I think it’s important.
The background – what’s GDPR?
GDPR stands for General Data Protection Regulation – it’s the term used to describe a set of changes to laws governing how data about people can be stored and used, in the EU, but also about EU citizens when they’re outside the EU too.
These changes become law on May 25th across the EU, and this is generally seen as the first time data protection regulation has had teeth.
I’ve written more on this blog, when I first floated the idea, and again with this update when I described the format in more detail. I also did a somewhat rambling talk last night at the Thingscon Salon at Mozilla’s headquarters.
You can now sign up for OMGDPR
I’m pleased to announce that on Saturday, April 21st, we’re running OMGDPR, a community-run conference about GDPR, at Soundcloud’s swanky offices.
You can now sign up to come to OMGDPR at the Eventbrite link below:
I’ve had to explain why I think GDPR is important a few times in the last few weeks.
If you’ve been following recent revelations about social media being used to sway elections and referenda around the world, and the seemingly endless stream of data breaches and questionable practices around, I think you’d agree the way personal data is used, stored and traded needs to change.
We need an alternative, and industry has consistently failed to regulate itself or provide one, so GDPR is effectively the policy response to this garbage fire.
GDPR is interesting for two main reasons for me.
Firstly – unlike previous data protection legislation from the late 1990’s, it’s not so prescriptive about how organisations should comply with the law.
This is good, as we don’t end up with the silly conversations about cookie law, but bad in the sense that it’s quite as clear when it comes to telling if you’re operating within the law.
Secondly – the penalties for not complying with the GDPR are pretty eye-watering. If you’re found not complying with this legislation, you can be fined up for up to 4% of your organisation’s turnover, or 20 million euros, whichever is larger.
See what I mean about teeth now?
Obviously not every company will automatically be fined these huge amounts on May 26th if they’re not complying with the law, but it provides a very strong motivation to look at how data is handled, that we’ve never had before.
Why an unconference – tacit, emergent vs explicit, codified
I came across a really nice explanation on the value of unconferences recently, on the oneTeamGov blog on Medium, explaining the difference between sharing explicit knowledge with conferences and workshops, compared with sharing implicit knowledge with unconference style events:
A traditional workshop will focus on spreading explicit knowledge (the codified knowledge on what works best) that is contained in best practice databases and toolkits. The unconference format also uncovers tacit knowledge; what participants have learnt works well in their local context.
So to paraphrase:
When you have a clear solution to a problem, it’s more useful to spread that codified knowledge in the form of talks, workshops, which emphasise attendees absorbing information from an expert.
When you have more uncertainty, and a group of people motivated to solve it unconferences are good for surfacing knowledge about what works, from the entire group.
I’m shamelessly borrowing the image below from that post, as I found it really useful when thinking about this:
Applying this to GDPR and OMGDPR
For the parts of GDPR, that are explicit and well understood (much of it is based on existing practice, which often hasn’t been followed) – there are now loads of people doing the codified knowledge stuff.
Type in GDPR into a search engine, and you’ll find loads and loads of consultants and trainers who can help you now for a price.
For the parts that aren’t so clear, there’s a role for unconferences and similar, hence OMGDPR.
A favour to ask
Typically, white dudes like me and Maik are really well represented at tech events, so I’m pretty sure we’ve got that viewpoint nailed. We’ve also had some success with reaching people who don’t sound and look like us, and nor work in the same context.
But it would be a missed opportunity if we missed out on hearing the voices who are typically marginalised not even considered when tech products are built for mostly white male Europeans and North Americans.
Also, you don’t need to be some technical genius to contribute – we really want a wide variety of voices, as GDPR affects a wide range of people, with different things to bring. If you’re a designer or work with content – for example, then there’s a whole piece about making consent understandable, and how we need to rethink patterns we’ve used before. If you’re more into operations, there’s a whole range of new kinds of agreements that need to be understood and implemented now. If you’re into strategy or service design, there’s a whole raft of new privacy friendly ideas for services waiting to be discussed
An unconference is only as good as who comes to it, so if there are people you’d like to see there, and you think their voice would add to the conversations on the day, please do invite them.
Final note about doing this in other parts of the world
We have a nice venue, and some smart people signed up already but there’s nothing magical about OMGDPR that can’t be replicated elsewhere.
I’ve had a few people ask about doing this elsewhere in the world later in the year. I’m curious about how much appetite there is.
If you’re not coming to OMGDPR in Berlin but still interested, please do get in touch.