GDPR IS LIVE

GDPR, like any legislation, has unforeseen consequences and impacts. Not for nothing have we learned how little Congress and the EU Parliament comprehend of Facebook or the underlying technologies of the Web, based on their questions when confronting Mark Zuckerberg.

These same people in the EU have legislated GDPR. Many will not know exactly what GDPR (The General Data Protection Regulation) is. WordPress provided a guide and template for compliant Privacy Policy that you can see here.

Unless you are currently residing in a cave, your email inbox is probably swamped with mails from websites & apps you have signed up with in the past asking you to opt-in to their updated, GDPR compliant new ToS.

Last night I shared this video on Facebook Live with my take on GDPR and what might be some issues that did not get proper consideration.

 

GDPR & Software Development

Over the last 10 to 15 years, the development culture and lifecycle have been strongly influenced by Web 2.0, both for web / mobile apps and sites. Methodologies also evolved based on technology and platforms to ensure rapid product delivery. Agile & Lean replaced Waterfall methodologies and the culture included these interconnected practices:

[Figure: GDPR vs Development Practices]

Ultimately MVP (Minimum Viable Product) and the ethos of let the customer test it were based on rapid delivery or a just ship it mentality. Some of this was based on fear of not being first to market, some on the fallacy that software testing was a bottleneck.

Beta testing also allowed release of an incomplete version of the software to a sample group of end users to evaluate customer satisfaction with the product and its features.

These fly in the face of GDPR compliance. De facto, data protection is something that should be baked in from the start and until this becomes habit, most will develop their apps and sites and tack-on data protection after the fact.

Where does MVP go from here?

The Warptest POV

GDPR and the just ship it mentality of MVP are in conflict. Apps and sites will comply because the alternatives are limited. There are companies already opting to block European users until they can be sure they are compliant. Just today, the Verge reported that Instapaper has done this temporarily. We can be certain that smaller developers and startups may opt to keep their apps out of the different European countries' App Stores, Play Stores or Windows Stores as the scale of fines is greater than the accrued benefit of onboarding European users prior to compliance.

This leads to some serious questions. What are the geographical boundaries of this law?

  1. What if an EU citizen uses a VPN or some other method to bypass geo-blocking to download an app? Is the app still liable for any violation?
  2. What if an EU citizen is on vacation outside the EU and downloads an app or surfs to a site? Where does the EU see their jurisdiction ending regarding data protection of their citizens?
  3. Microsoft announced that they want to make GDPR the standard for their worldwide operations. Will we see GDPR compliance integrated into their app store and those of Apple, Google, Amazon and others?

Big companies like Microsoft do offer GDPR guidance on how to make company IT compliant but the most important question is who in a company developing software, apps or websites should be the expert on GDPR compliance?

The simple answer is every employee involved in delivery must receive GDPR training but, logically, the gatekeeper should be someone versed in compliance issues, how to verify and report on them. A smart company will ensure initial compliance by hiring an expert (possibly a consultant) but subsequently, the best person for the job is one of your testing / QA team.

A catastrophic mistake would be to have an employee brush up on GDPR by Googling it. Whoever the designated gatekeeper is should be sent on the appropriate certification course.

Getting back to MVP, it’s going to be up to founders, R&D heads, QA Managers to ensure that their processes evolve to ensure data protection is built-in from day 1. If this means an end to MVP and let the customer test it then this can only have a positive impact on customer satisfaction.

Personally, one of my bigger problems with GDPR is that the EU has repeatedly demonstrated a litigious attitude with anti-trust cases, often against companies like Apple, Google & Microsoft. Is GDPR just another EU kickstarter campaign?

Are you ready for GDPR or have you found a way to opt-out?

Last week a story broke about how the State of Israel had “banned” the iPad. I did a quick search, found the Israeli newspaper Haaretz and read the article.

First, I’m not going to get into the story other than to say that the headline is one of the most viral headlines I have seen in months. Also it (the headline) is one of the most misrepresentative in my humble opinion.

Haaretz can be fairly described as Left Wing, to the point that they are currently embroiled in a National Security scandal involving over 2000 stolen IDF secret documents and one of their reporters who fled to the UK with the documents and pled for asylum. Apparently the UK doesn’t consider Israeli National Security important as they let him stay. I hear cries of nyah, nyah our Official Secrets Act is important, yours isn’t. This only weeks after a British MoD official “lost” a laptop containing top-secret plans from inside their headquarters?!?? (Story from the fascinating Defensetech.org) so maybe the Brits just don’t respect “Top Secret” the way James Bond portrays it.

Anyhow, questioning Haaretz newspaper’s sensationalism and motives aside, I called up the Israeli Ministry of Communications and spoke to their Spokesperson and the Test Engineer responsible for the iPad testing. In a nutshell they sounded competent and committed to ensuring the Israeli consumer is provided with a communications device that works to the standards set down in Israeli law. They assured me that testing had begun but did not wish to commit to any completion date for obvious reasons. They did state that on approval the device would be legal to import like any other if it passed.

The hysterical level of blogging, Tweeting, Facebooking and so on regarding this leaves me convinced that Steve Jobs sure knows how to create a feeding frenzy. Perhaps President Obama should ask him to pitch to Israel his plans for the Middle East?

People seem really shocked by one of the following: –

  1. Israel has standards for this sort of thing.
  2. We don’t just blindly trot along after the United States and let it in on the FCC’s say so.
  3. OMG but it’s an iPad! AN IPAD!! Why isn’t Israel just waiving the law for it?

I just read several blogs saying how this is typical governmental bureaucracy or hints of dark government conspiracies (where are Mulder, Scully and Smoking Guy these days anyway?) and then the best of them was that this is damaging our ability to develop competitive applications. Israeli hi-tech should be getting these right now to ensure we maintain our competitive edge.

To the folks out there deriding the testing team at the Ministry of Communications as bureaucrats let me ask you this:

  • Have you ever worked with any public sector employees in Israel? I have and I was in the main impressed by their professionalism, commitment and willingness to work hard for not the greatest salaries in the world.
  • Did you make any effort to contact this department and at least talk to these folks? I’m not hearing anything other than silence here.

Now to Israeli hi-tech; I’m a veteran of over 10 years and I can honestly say that I am always impressed with the creative and smart solutions to problems like this that Israelis come up with.

Back in the day, I worked briefly as a QA Team Leader for a company before they were bought and the R&D moved out of Israel. This company was in the business of Locational Applications and optimized web and we even tested on platforms such as Qualcomm’s marvelous BREW. This was not supported at the time in Israel. Did we manage to test?

Yes, devices were in our US office and we connected to them via the BREW SDK and PC Anywhere; we also had emulators and a functional but non-connected BREW phone.

Was it easy? Was it economical? Not always. We had a recurring random disconnect bug that drove us crazy until we discovered that someone was, without noticing, rolling back and forth over the cable connecting the phone to the PC in the US and this was affecting connectivity. Some of the time we even had one of the QA Team over in the States to work on devices that were already supported there.

I guess the point I am trying to make is that all I am reading is whining and complaints. I am not seeing that bright spark of creativity, innovation and occasionally improvisation to get the job done.

Can you connect to the iPad by remote? If so, perhaps someone in the US might want to purchase a bunch of these devices and set up a Remote Lab in the US and rent out testing and R&D time.

Is there an emulator for the iPad? Apparently the Apple SDK will, as with previous product SDKs, incorporate an emulator.

In a nutshell, until the MoC finishes their work and until Apple actually starts importing the things here, let’s get back to being a little creative in our solutions and make some money.

There are many different organizations, start-ups amongst them, where the transfer of knowledge between teams or individuals can be akin to pulling teeth: difficult, messy and painful.
The classic example in development is when the QA or Test team has to begin defining tests for the next release but has no clear idea beyond terminology on a Gantt or various emails what they have to test.
Getting documentation at this stage can be frustrating and even ultimately counterproductive in terms of the conflict or friction it raises between the person who has to produce the documentation (in our case specifications) and the person who needs the documentation to continue working and not become a bottleneck.
In SCRUM during the daily meeting this issue would be raised as an impediment to the testing progress and the Scrum Master would help the team in resolving this.
However, as an experienced QA Manager I can state that this issue is a function of corporate culture. Normally this occurs where the VP of R&D and/or the CTO continues to make statements committing to full knowledge transfer but actually the real concept being maintained is that writing code comes first and if you are lucky we might get to writing spec down the line.
This truly demonstrates a Waterfall methodology regardless of the methodology that the organization claims to be using.
How do we resolve this? Perhaps this is something you just have to live with and realize that this is an organization that will never embrace Kanban, Lean, Kaizen, and Agile – SCRUM or any variant thereof without a true management commitment.
There are different personality types depending on which theory of psychology you adhere to; I’m a tools and techniques guy, I try to identify the problem and knowing it will recur find the correct tool or technique that allows everyone involved to keep a smile on their face and get the job done.
I encountered this kind of problem myself several times and it occurred to me that if the core of the problem is finding the time to write stuff down, then why make people write at all? The written medium is tiresome to create and often just as difficult to read and learn from. So why not use a different medium?
Ideally, you would introduce the use of Digital Audio or preferably Video recording and get the relevant knowledge owner to speak freely explaining the (in our example) spec. Diagrams, charts and slides could be added later, making this a “living document” or work in progress. (I re-heard this idea at the Israel Scrum Users Conference, earlier this month; many of us confirming that a good idea is something others thought of at the same time as you).
This is the easy part; there will still be a need for post-processing, review/ approval, document control and much larger storage/ backup than if these were simple textual documents.
Users would have to learn to be comfortable with being filmed, cameras would have to be readily available and seated on a stable platform. The video files would need some form of tagging which could be used for creating a searchable index in the Document control database but ultimately the ROI would be enormous in terms of reducing the friction and frustration in dealing with this impediment.