markwilson.it, GDPR and no more ads

This content is 6 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

You probably noticed that a new European regulation came into effect last month: the General Data Protection Regulation (GDPR). I’d been inclined to follow the advice of Matt Ballantine (@Ballantine70), who expressed a view (I think on the WB-40 podcast) that, if you were compliant with existing data protection regulation, you were probably compliant with GDPR (the problem being that many organisations may not have been compliant with existing regulations but the GDPR penalties are more severe so they’re now taking them seriously). After all, I already had a privacy policy and data protection notice; I have a banner warning about cookies. I thought I was pretty well covered.

And then I read Mark Vale’s post on Does GDPR apply to you as a Blogger? It seems it might. Perhaps.

So, with help from the funny, sweary people at Writers’ HQ, I updated the site’s Privacy Policy. Then I bottled it and left in the serious bits from the old Privacy Policy and Data Protection Notice at the bottom. I still have the other Legal Notice too. But I’m not a lawyer and I don’t even run a company. I’m just a bloke who publishes stuff on the Internet, when he has the time.

I’ve also stopped running ads on this site. Not really anything to do with GDPR but Akismet wanted to charge me $5 a month for spam protection on a “commercial site”. Since Google Panda (an algorithmic change a few years ago), I only make about that much each month on the ads (and hosting costs me another £8 or so)… so I binned them off. So this site is now exclusively funded from my own pocket. Except that I may need to put them back on for a couple of weeks to get the £1.86 that will tip me over the trigger point for payment of the £58.14 I currently have stored up with Google Adsense…

Weeknote 13: Change control (Week 10, 2018)

This content is 7 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

This week has been dominated by two things:

  1. Windows 10 device builds. Lots of them.Several piles of Microsoft SurfaceBooks
  2. Change Control.

The first part is the easy bit. I have an eager team of build engineers, led by a committed and diligent Consultant to help with that. The second part has resulted in more than its fair share of pain.

As the client-side Programme Manager remarked to me, there are two types of change to manage: change that needs budget and resources and agreement; and “things we need to tell you about”.

The changes I’ve been fighting with are certainly in the “things we need to tell you about” category: minor edits to user account information in Active Directory made on an individual user (or small group of users) basis. Such changes are easily reversed but need to be communicated (to users, and to those who support them – so they are ready for any consequences).

Unfortunately, in order to make this minor change (admittedly a few thousand times), I have to complete a form that’s really designed for much heavier changes, submit it at least a week ahead of when I want to make the change (which is not very agile), attend various meetings to provide information, have multiple conversations outside the process to smooth the path of the change, stand on one leg, do a little dance and make incantations (OK, I made the last part up).

And, as one former customer replied:

Change control has its place but sometimes it feels like a lightweight process should be there for the “things we need to tell you about”-type changes. When I completed my ITIL® Foundation training, people said “you’ll breeze it Mark, it’s just common sense” – and it is. Unfortunately, it seems to me that many people use ITIL as a reason to wrap themselves in unnecessary layers of bureaucracy. There’s also a natural tension between those who are tasked with designing new and improved services and those who need to operate services. One wants change. One wants to avoid change. And, where outsourced services are in place, there are commercial reasons not to make any changes too.

Next week, I’ll find out how successful I’ve been. If I’m lucky, we’ll get approval two days after we need it. I’m not adding to my pain by making an urgent or emergency change (I’m not a masochist) but I have recorded an issue in the PM’s RAID log…

Elsewhere

Other encounters this week have included:

  • Night-time mountain-biking in the woods (helping out with my eldest son’s cycling club) – that was fun!
  • FUD from my younger son’s school around GDPR.

Needless to say, I’ll be ignoring the (poorly-written) communication from the school. Why expect me (as the user of the service) to take action to help the organisation tidy up their data when they have clearly misunderstood their obligations?

Now, it’s the weekend. It’s been another very long week. My train is nearly at Northampton and I feel the need to collapse on the sofa before I fall asleep. The weekend will be a mixture of “Dad’s taxi” and Mothering Sunday (helping my boys be nice to their Mum, and hosting my Mum and my Mother-in-law for lunch). Then back to work for round 2 of “change control”.