GDPR is a ‘potential minefield for the BBC’, says Test Manager

Test Manager at the BBC, Bill Watson, reveals how the BBC ensures project workflows are reviewed and GDPR compliant for the May deadline

Watson works as the test manager in the BBC End User Compute (EUC) department. As the BBC outsources its IT infrastructure spend, his team acts as the gatekeeper for incoming work.

Watson said: “In EUC we’re more consumers of these services. To help in this we have top-notch architects and a technologist team to ensure we’re ahead of the curve.

“For us testers at the BBC, it’s all about working with our suppliers, from the inception to the delivery of projects. We collaborate closely on our projects, often hosting the development teams.

“This means we can react quickly when we uncover issues, whilst also allowing easy contact with our end users to tailor what we’re delivering to them.”

Watson is currently working across two projects that are changing the identity management system. The identity management system controls access to internal BBC systems and also manages how Joiners Movers and Leavers are processed. This means it interfaces with “pretty much everything” within the BBC system so the architecture is potentially quite complex.

‘Modern ways of working’

“This is where large organisation syndrome can kick in… they’re not necessarily the timeliest change management processes, but they allow us to get the job done,” he added.

One of the pressing topics at the moment is the upcoming General Data Protection Regulation (GDPR) in May.

Given the financial penalty is 2% of the worldwide turnover, the BBC could be liable to a potential penalty of around £100million for transgressions, so the corporation has to be extremely focused on the GDPR.

Watson continued: “For the BBC, GDPR is a potential minefield.

“There’s been an education programme rolled out across the whole of the corporation, but, at the end of the day, it’s down to individuals to think about how GDPR will affect the data they collect, and with modern ways of working information can be collected by more people than you might think.

£100 million financial penalty

“It’s not just apps, its things like lists of contestants on quiz show where details might be collated on spreadsheets or, more likely, bespoke SharePoint apps.

“From the perspective of my team, we’ve obviously been aware of the changes and have factored that into our work accordingly.

“For example, I’ve been programme test managing across a pan-broadcaster project that collects a lot of highly sensitive personal data on the diversity of those working within the broadcasting industry such as gender, ethnic origin and sexuality.”

For this project, the BBC also ensured that all broadcasters on the project consulted in-house legal teams. Their output was then factored into our requirements and it was down to the testers to ensure that all standards were rigorously tested.

“This project has already been mentioned in parliament so getting GDPR right is vital,” added Watson.

Written by Leah Alger