First, we looked for exceptions or additional clarifications in the GDPR that would let us work around the client’s problem. However, this did not lead to any results.
Then we proposed holding a consultation on Privacy by Design, following the method of Jason Cronk.
The major risk was that we did not have the consent of the people whose phones were in the database. Data was processed secretly, so users were not aware of what was happening with their personal information.
The problem is that such data is of interest to attackers: it can be stolen and used for their own selfish purposes. More mundanely, even an employee of the company can copy it to a USB flash drive and walk away with it.
We needed to avoid this risk in order to comply with the GDPR.
We prepared several options for solving this problem in advance and presented them to the client at the beginning of the consultation; the rest emerged in the course of the joint work.
It is important that the client was involved at every stage of the discussion. As a result, he clearly understood all the pros and cons. In effect, the decision was his own.
We solved this problem in 2 hours of consultation. Beforehand, the client also did some preparation: a data flow diagram, which also took 2 hours to prepare.