GDPR

Definition

GDPR coverage in this archive spans 3 posts from Feb 2017 to May 2018 and frames gdpr as continuous risk reduction instead of one-time policy work. The strongest adjacent threads are privacy, compliance, and fintech. Recurring title motifs include gdpr, week, happened, and engineers.

Key claims

• The strongest pattern is operational: security controls are effective only when they are embedded in delivery flow.
• The consistent theme from 2017 to 2018 is disciplined execution over hype cycles.
• This topic repeatedly intersects with privacy, compliance, and fintech, so design choices here rarely stand alone.

Practical checklist

• Map threats to concrete controls, then tie each control to an owner and an observable signal.
• Start with the newest post to calibrate current constraints, then backtrack to older entries for first principles.
• When boundary questions appear, cross-read privacy and compliance before committing implementation details.

Failure modes

• Treating compliance checklists as a substitute for runtime detection and response.
• Adding controls no one owns, tests, or rehearses under incident pressure.
• Applying guidance from 2017 to 2018 without revisiting assumptions as context changed.

Suggested reading path

• Start here (current state): GDPR Week One: What Actually Happened
• Then read (operating middle): GDPR for Engineers: What We Actually Built at a Fintech Startup
• Finish with (foundational context): GDPR Is an Engineering Problem, Not a Legal One

Related posts

• GDPR Week One: What Actually Happened
• GDPR for Engineers: What We Actually Built at a Fintech Startup
• GDPR Is an Engineering Problem, Not a Legal One

References

• The Twelve-Factor App
• Google SRE Book
• RFC 9110: HTTP Semantics