GDPR compliance is not hard

The GDPR is an EU (and now UK) law that relates to the handling of personal information.

The idea is that individuals own their own data and that it can only be used in ways they have agreed to. If you want to use data you need to seek permission and tell the user what you are using it for. Users also have the right to opt out. This does not have to be instant, so extracting your list a month before an email is sent would be fine. Doing so six weeks or more before is not.

It also specifies that data use must be opted in to. In several cases recently I have seen surveys sent out with the “add me to your mailing list” box pre-checked. This is specifically not allowed.

You also can’t pass PII to third parties without either a good business reason or permission. A good business reason would be passing a delivery address to ship a product. A bad reason would be selling details to a third party to update a marketing database.

You can also only use the data for the requested purposes. For example, Facebook asked for my phone number for account recovery purposes. It would have been a violation if a market research company had then called that number.

GDPR has teeth. The fine can be 4% of your global income. Note that this is income, not profit.

All that is required is good practice.

AI and large codebases

Given that I am working on a relatively large codebase with a significant domain model and tests, it is surprisingly easy to ask an AI questions and get useful answers. Sometimes it can take multiple passes to get the details right.

For example, I was asking about an error message that was found in the logs. My first set of questions were about how to replace this with a useful message for the user. Having done this work, the follow-up questions really helped.

I asked how it was possible for this error to happen. It found a path that required the user to have the application open in two tabs at once. This allowed me to suggest adding a couple of simple rules to the system to make the error impossible. This was much simpler than the first solution (which was proving difficult to test). It makes no sense to edit anything other than the latest version, and two rules will enforce that.

AI assistance here is helpful, provided that you review the output carefully so it does not cheat (bypassing a failing test rather than fixing the cause).

It is also very good at finding and preventing flaky tests. You know the ones that everyone just reruns. If you can stabilise the tests, everything gets much faster.

Another benefit has been correcting bottlenecks in CI. By looking at the slowest parts and then splitting them up, we have dropped our CI build time from 15 mins to 5-7 mins. We uncovered a pointless step that had been costing 5 mins on every build.

Now, AI is going to get more expensive over the next few years, so take advantage of the current window to simplify the codebase and clean up that tech debt.