OMGDPR is live – ZOMG

I’ve written previously about GDPR, thinking out loud about running an event called OMGDPR – a community run, unconference to explore the changes to the industry it’ll bring about. In this post, I introduce the event publicly and explain why I think it’s important.

The background – what’s GDPR?

GDPR stands for General Data Protection Regulation – it’s the term used to describe a set of changes to laws governing how data about people can be stored and used, in the EU, but also about EU citizens when they’re outside the EU too.

These changes become law on May 25th across the EU, and this is generally seen as the first time data protection regulation has had teeth.

I’ve written more on this blog, when I first floated the idea, and again with this update when I described the format in more detail. I also did a somewhat rambling talk last night at the Thingscon Salon at Mozilla’s headquarters.

You can now sign up for OMGDPR


I’m pleased to announce that on Saturday, April 21st, we’re running OMGDPR, a community-run conference about GDPR, at Soundcloud’s swanky offices.

You can now sign up to come to OMGDPR at the Eventbrite link below:


I’ve had to explain why I think GDPR is important a few times in the last few weeks.

If you’ve been following recent revelations about social media being used to sway elections and referenda around the world, and the seemingly endless stream of data breaches and questionable practices around, I think you’d agree the way personal data is used, stored and traded needs to change.

We need an alternative, and industry has consistently failed to regulate itself or provide one, so GDPR is effectively the policy response to this garbage fire.

GDPR is interesting for two main reasons for me.

Firstly – unlike previous data protection legislation from the late 1990’s, it’s not so prescriptive about how organisations should comply with the law.

This is good, as we don’t end up with the silly conversations about cookie law, but bad in the sense that it’s quite as clear when it comes to telling if you’re operating within the law.

Secondly – the penalties for not complying with the GDPR are pretty eye-watering. If you’re found not complying with this legislation, you can be fined up for up to 4% of your organisation’s turnover, or 20 million euros, whichever is larger.

See what I mean about teeth now?

Obviously not every company will automatically be fined these huge amounts on May 26th if they’re not complying with the law, but it provides a very strong motivation to look at how data is handled, that we’ve never had before.

Why an unconference – tacit, emergent vs explicit, codified

I came across a really nice explanation on the value of unconferences recently, on the oneTeamGov blog on Medium, explaining the difference between sharing explicit knowledge with conferences and workshops, compared with sharing implicit knowledge with unconference style events:

A traditional workshop will focus on spreading explicit knowledge (the codified knowledge on what works best) that is contained in best practice databases and toolkits. The unconference format also uncovers tacit knowledge; what participants have learnt works well in their local context.

So to paraphrase:

When you have a clear solution to a problem, it’s more useful to spread that codified knowledge in the form of talks, workshops, which emphasise attendees absorbing information from an expert.

When you have more uncertainty, and a group of people motivated to solve it unconferences are good for surfacing knowledge about what works, from the entire group.

I’m shamelessly borrowing the image below from that post, as I found it really useful when thinking about this:

implict vs expliti knowledge.png

Applying this to GDPR and OMGDPR

For the parts of GDPR, that are explicit and well understood (much of it is based on existing practice, which often hasn’t been followed)  – there are now loads of people doing the codified knowledge stuff.

Type in GDPR into a search engine, and you’ll find loads and loads of consultants and trainers who can help you now for a price.

For the parts that aren’t so clear, there’s a role for unconferences and similar, hence OMGDPR.

A favour to ask

Typically, white dudes like me and Maik are really well represented at tech events, so I’m pretty sure we’ve got that viewpoint nailed. We’ve also had some success with reaching people who don’t sound and look like us, and nor work in the same context.

But it would be a missed opportunity if we missed out on hearing the voices who are typically marginalised not even considered when tech products are built for mostly white male Europeans and North Americans.

Also, you don’t need to be some technical genius to contribute – we really want a wide variety of voices, as GDPR affects a wide range of people, with different things to bring. If you’re a designer or work with content – for example, then there’s a whole piece about making consent understandable, and how we need to rethink patterns we’ve used before. If you’re more into operations, there’s a whole range of new kinds of agreements that need to be understood and implemented now. If you’re into strategy or service design, there’s a whole raft of new privacy friendly ideas for services waiting to be discussed

An unconference is only as good as who comes to it, so if there are people you’d like to see there, and you think their voice would add to the conversations on the day, please do invite them.

Final note about doing this in other parts of the world

We have a nice venue, and some smart people signed up already but there’s nothing magical about OMGDPR that can’t be replicated elsewhere.

I’ve had a few people ask about doing this elsewhere in the world later in the year. I’m curious about how much appetite there is.

If you’re not coming to OMGDPR in Berlin but still interested, please do get in touch.





Trying an idea – OMGDPR, a GPDR-themed event in Berlin

I’ve been following the passage of GDPR from ideas to law over the last couple of years, and I’m convinced its effects will be far reaching, and extremely disruptive to the industry I work in, but also any industry that collects and processes data around customers.

I started chatting with a friend Maik, and we’re now testing to see if there’s interest in an event around it, that we’re calling OMGDPR.

Okay, what is OMGDPR?

OMGDPR is the working title for an community-run, open space event, in Berlin in late March/early April for practitioners who build digital products or services, to learn from each other about GDPR will affect their organisation, and by extension, how they work.

Wait. You keep saying GDPR. What’s GDPR?

GDPR is the short name for the what’s being referred to as most the important change in data privacy regulation in 20 years, and stands for General Data Protection Regulation.

I’m going to cheat here and use wikipedia’s summary of the changes to the law:

“The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonisation of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover.”[4]

The GDPR also brings a new set of “digital rights” for EU citizens in an age when the economic value of personal data is increasing in the digital economy.

The key takeaways are:

Wow, ‘threaten the existence of a company’? Now I’m interested.


The changes to the law arrived in late May, and they affect every company in the EU, but loads of companies, particularly smaller ones aren’t really prepared for it yet.

There’s also lots of FUD (Fear, uncertainty and doubt) around, so our intention was to create a space to let people talk about it in a relatively welcoming, safe, informal environment so they can see what they need to do if they haven’t had the time to think through a response to it.

Likewise, we’re hoping there will be a chance to learn from others who have had a chance to look into it, and would like to see more organisations treat personal data with the respect it deserves.

Okay, how do I find out more?

The easiest thing to do is try filling out the form below that we’re using to gauge interest – we’re aiming to run the event along open space principles, where people:

  1. bring the topics they’d like to discuss
  2. autonomously form into groups to discuss the topics that they are interested in
  3. report back what they learn for the rest of the group to reflect on or capture
  4. leave the event, with a clearer idea about what they might do

Here’s the form:

Okay, that’s it – if this interests you please give the form a go, and if there are typos or missing questions, do please let me know.