Friday, March 2, 2018

FudBuster Friday 2018 Edition: That GDPR = Dead Domino

"From the ashes we can build another day.."- from "Story in Your Eyes" by The Moody Blues

Every once in a while I feel the need to publish another FudBuster Friday post, yes it has been way too long but "fake news" makes these posts almost superfluous. I could write 10 a day and still never get them done.

Over the last few days some people I like, trust and learn from, were bothered by a "op-ed" type Press Release from the CEO of a company that obviously makes their money by moving IBM Domino shops to Microsoft.

Their own website even states in absolute terms "Our mission is to develop user-friendly, cost effective technology solutions to help companies escape the IBM Domino/Notes application landscape.:"

From their site I get the impression they have not been around for a long time but obviously are unhappy that people use Notes and Domino. This is their prerogative and in business there are many ways to make money. However, FUD ways are not funny, nor valid reasons to ever do something.

In this case they try to angle that the old solution is not up to par for the imminent on May 25, 2018 General Data Protection Regulation (GDPR) of the EU. For a great article about it read this

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. It also is applicable to US companies that STORE the data.

Taking a few items to task, let's start with 
"It is compelling because organisations are expected to create a single view of a customer – leaving data in old Notes databases is likely to render users non-compliant"
No explanation is provided and it is "just a fact". There is no requirement, that I found, requiring a single view of a customer. And even if there was, given Domino is a flat database solution, the data is sitting in one nsf although it may be called and referenced by others. Of course you may have data shared in various formats across your CRM, your SAP, your individual sales people as well. This would not change no matter what or how you store your data. What becomes incumbent on companies is the need to document their data workflows and processes for reporting breaches of the said data. 

Domino non-compliant? No way.

He then goes on to lay out a process of three steps that are required to help you meet GDPR requirements, namely: Discovery, Data Extraction and Archiving. In truth none of these steps do anything except pad a consultants pocket and sell, as we will see, many software licenses.

Discovery phase in which they inventory your Domino servers looking for applications. How exciting! our interns can and should do this for us if the built in tools of Domino can not.

Again, this has nothing to do with GDPR or Domino, it is just a normal project process. 

Data Extraction
"A key area of importance to the GDPR compliance directives is being able to get to all the data that is held on an individual so that, for example, a request to be forgotten is executed with a high degree of certainty. This means that getting data out of the Notes databases into an easily searched Relational Database is critical."
What? A did not go to B and definitely did not reach C in that sentence. If you already mapped out your data workflows and locations, then you would have a process in place to eliminate the data asked to be forgotten.

You do not need a relational database to do an index lookup, Excel does it quite well and so does your own internal search solution hopefully. If not, you may want  to invest in a corporate search appliance but this is still no reason to give up on Domino nor does it prove any non compliance. Just bad FUD.

The author then goes on to elaborate about how data could be dumped out of Domino into not one (MS SQL), not two (MS Dynamics), but three (Alfresco) different solutions and somehow this is a better idea? Imagine how many licenses and servers and billable hours this requires compared to your existing team looking at your data and mapping it out.

Archiving of data is always fun. those of you with 20 year old tapes of customer data, how will you rectify this? There is a serious business. This however is just bad rhetoric. Do you really need an all encompassing search solution? Perhaps, but if you have workflowed your data, you should know exactly where it resides and be able to easily identify what parts need to be marked/deleted.

Again, Domino is no different than any other database when it comes to finding your data.

The gist of the PR is a SQL server will give you better control, indexing, deletion of the data. No, it will not and no matter what database or solution you use if you do not document it or manage it properly you will face some huge fines. Any business no matter how small or large if you have personal/private data of EU members you will need to sit down and sort yourselves out.

In the end, no, moving to Microsoft SQL server will not be more compliant for GDPR than Domino.

You will have spent way too much money to move data from one solution to another for zero, I repeat zero reasons other than you were blindly following some entity because you were ignorant and uninformed!

I welcome feedback, further details which maybe I have neglected to research thoroughly enough or even an official statement from IBM or HCL that provides me with a reason to edit this post.