La mise en conformité avec le GDPR/RGPD ne doit pas nécessairement être pénible et douloureuse pour les startups tech. LEAN est le mot d’ordre. Vous devrez malgré tout y mettre du vôtre. Avec un avantage compétitif à la clé.

GDPR. Un des buzzwords du moment. RGPD en français, terme qu’on n’utilise pas trop en Belgique. Beaucoup de sociétés sont au courant de son existence, sur le ton du : “Ah oui, le GDPR. Il faut qu’on fasse quelque chose”. Je suis sûr que vous vous posez plein de questions et que vous avez déjà certaines idées en tête, par exemple :

L’effort est trop important, on n’y arrivera pas

Nous n’allons pas vous mentir : il y a du pain sur la planche. Si vous avez accumulé un excès de bureaucratie, que vous avez perdu de vue l’origine de vos données, que vos relations avec vos sous-traitants et vos contractants sont figées, l’effort de rattrapage sera important. Mais si vous maîtrisez déjà vos données et si votre organisation fonctionne de manière saine, c’est à la portée de tous, à condition de démarrer à temps.

La loi est complexe

Sincèrement, par rapport à bien d’autres législations, le texte n’est pas si ardu que cela. Même si un coup de main extérieur est vivement conseillé pour gagner du temps et ne pas partir de zéro, vous pouvez déjà commencer par vos propres moyens en vous aidant d’outils comme ceux de la CNIL.

On n’est qu’une petite société, on va passer en-dessous du radar

On ferme les yeux et on espère que ça passe? Pari risqué. Le risque vient entre autres d’une demande d’un de vos clients à laquelle vous devrez répondre rapidement. Il sera trop tard pour commencer à vous poser des questions sur vos données, votre politique de rétention et celles de vos sous-traitants. Le risque administratif et financier est disproportionné pour se contenter de croiser les doigts en espérant passer à travers les mailles du filet.

On réagira le moment venu

Sans préparation préalable, répondre dans les délais à une demande d’accès, de portabilité, de droit à l’oubli, ou à une enquête de l’autorité de supervision est illusoire. L’effort pour être en conformité et être prêt à le démontrer n’est pas forcément gigantesque, mais demande du temps et de la préparation. C’est plus une course de fond qu’un sprint.

Les choses ne sont pas encore claires, mieux vaut attendre

Si de nombreux points posent encore question, pour l’essentiel, on sait ce qui est attendu de chacun.

One does not simply become GDPR compliant meme

On vous propose donc…

Notre approche avec sudokrew.io : on ne fait pas le boulot à votre place, mais on vous aiguille vers la conformité, en profitant de l’occasion pour mettre certaines pratiques au clair si besoin, et en gardant à l’esprit l’avantage business que vous pouvez en tirer au delà des aspects purement légaux. Parce qu’on n’a pas envie de “faire du GDPR” pour le plaisir. Notre pack de départ comprend 5 jours de conseil par une ou deux personnes qui parlent votre langage. Le recours à un cabinet d’avocats n’a lieu qu’à la fin, si besoin, pour valider votre approche. Vous avez en mains les clés pour être en conformité, et surtout pour le rester alors que votre business évoluera.

Youri Ackx
Eric Darchis

 Pay to remain Certified Scrum Master

Last year I let my Scrum Alliance certification expire.

In IT, certifications are part of the business. A third-party assesses that you possess some skillset. You typically pass a written exam and, or course, you pay for it. Most of the time they don’t prove you are able to perform in the given field; merely that the basics are covered.

To become a Certified Scrum Master, you have to follow a two-days training, then take an online evaluation. That does not make you an efficient Scrum Master, but if you choose your trainer well, it gives you a strong starting kit. And if you are already experienced, it is a good occasion to fine tune and strengthen your skills. I took the certification for "the wrong reason": people around me (customers and recruiters) were mostly unable to assess if I knew what I was talking about, so a paper would help. Of course, I took the training seriously, and I learned from it. So in the end it all made sense to pay for that certification, and it was money well spent.

Now two years have passed, and my certification was about to expire. I received an invitation to renew it. But it is not about remaining current, or to measure any progress. It was only a matter of paying USD 100 to the Scrum Alliance. No exam. No evaluation. No training. No assessment.

The Scrum Alliance uses a careful wording: "maintain your professional credentials". Meaning you lose the right to claim you are certified if you do not renew. At least they don’t pretend it is about remaining up to date.

Of course, the Scrum Alliance is not the only one to exhibit such practice. But I don’t want to be part of that kind of business. Our industry already has enough quirks as it is in my opinion. I haven’t cancelled my Scrum Alliance membership but for sure I won’t shell out any amount of money for the sake of displaying a logo.

Parody of the CSM logo

 MacBook Pro 2016 replaced after 2 failed repair attempts

Epilogue: after 2 failed repairs, the Apple Store in Brussels finally gave me a new MacBook Pro.

I have summarized my unpleasant journey with Apple in a video:

Epilogue - MBP replaced

Frequent freezes when resuming from screen sleep, and failure to connect to WiFi when booting up with some device attached. I brought it to the Apple Store in Brussels for a repair.A few days later, I went back to pick it up. I wasn’t out of the store yet that I noticed the trackpad was stuck, and the laptop crashed several times on the installation screen.

But they insisted they would repair it again…​ But couldn’t.

Lots of delays for the two repairs, Apple Store very hard to reach on the phone, and overall a very disappointing experience.

See also

Previous blog entries and videos on the same topic:

But did you know, they offered me a slim case in compensation. Ahem.

 Long repair at Apple Store

Can the Apple MacBook Pro be considered as a "pro" laptop? I don’t think so.

It’s been 17 days that I brought my MacBook Pro late 2016 to the Apple Store Brussels for a repair. Freezes and wifi issues first. Got the laptop back "repaired", only to find out it was now completely unusable with a stuck trackpad. Theses two articles are computer horror stories in themselves. But read on. It gets worse.

The second repair was announced to me as: "it can be done this afternoon but not sure" at the beginning of last week. Was still not fixed at the end of week. Got a call, it would be available in the shop on Saturday. But nope, it was delayed again. And so on.

Today I’ve tried to reach the Apple Store Brussels. I’ve done that several times in the past days and weeks, varying my choices in the automated menu to avoid dead-ends, but no joy. I always end up in another service, usually in France, where they cannot tell me anything more about my laptop’s endeavour. A representative asked me if the store was far from home, as it would be easier to drive and be there in person to get the information I need.

This is total non-sense.

"The Apple Store in Brussels is very hard to reach" (Apple representative)

I concur. It’s like calling an administration, except they’re always polite and understanding.

Today however, my patience has run out. On the phone, I explain to this random Apple employee my intention to send a registered notice to the Apple Store, and to claim damages. She was amenable to try and contact the Apple Store Brussels, telling me it would take time, and maybe fail. Yes, that’s how low they are. But she managed to get through.

I’m now told my machine is being tested as we speak. It took a 40 minutes phone call to find out. And this was not my first call.

Please hold the line
Figure 1. Please hold the line

The motherboard and the topcase will be replaced again — by refurbished parts I assume. Maybe the screen too, she was not sure. My file is getting thick and complex to read, even for Apple representatives.

This is not over yet but it is already a bitter experience. As I feared before I bought it, the lack of professional on-site warranty is a serious liability.

To sum it up, with the expansive Apple Care on top of the legal warranty for an already very expensive hardware equipment:

  • I’m at the mercy of the Apple Store repair schedules and pieces availability.

  • There was no satisfactory escalation procedure after a first failed repair.

  • There was nothing to compensate for delays on the second repair.

  • No replacement was provided while the machine was being fixed.

  • No free pick-up or delivery available, even after a failed repair.

  • A first failed repair where practically all the parts have been changed does not entitle me to receive a new laptop.

I insisted so they would at least provide me with a replacement, or take care of the transport, but they wouldn’t budge.

This is not the kind of experience I’ve heard of colleagues that have been in contact with Apple for a defective product. Maybe this has become Apple’s standard operating procedures. Case not closed yet. I still have to get my laptop back. Fully working I can only hope.

Faulty trackpad
Resume from sleep freeze
WiFi issues

Even more unacceptable than last week.

Older posts are available in the archive.