Just to remind myself, and you for your contributions, that it’s seriously time to write up a post on Agile development methods [OK, okay, I mean Scrum, as the majority side of the house]; how one is supposed to integrate GDPR requirements into that.
Like, we’re approaching the stage where the Waterfall model of security implementation, will be Done for most organisations. Not Well Done, rather Rare or Pittsburg Rare, at your firm [not Firm …]. But then, we’ll have to make the wholesale change to Maintenance, short-term and long-term. And meanwhile, waterfall has been ditched for a long time already in core development work, hence we have a backlog (huh; the real kind) qua security integration (sic; the bolt-on kind doesn’t work anyway) into all these Agile Development methods of which word has it everyone and their m/br-other seems to make use these latter days.
But then, the world has managed to slip security into that. Which is praiseworthy, and needs more Spread The Word.
And then, there’s the GDPR. May we suggest to include it in ‘security’ as requirements flow into the agile development processes ..?
As said, I’ll expand on this l8r.
If only later, since we need to find a way to keep the DPOs out of this; the vast majority (sic) of them, with all due [which hence may be severely limited] respect, will not understand to a profound level they’ll try to derail your development even without the most basic capability to self-assess they do it, in ways that are excruciatingly hard to pinpoint, lay your finger on.