If you hadn't read this story, people hacked a casino database using a thermometer in a fish tank.

The article is about how the internet of things (IoT), so everything having some level of intelligence and an IP address.  Can within reason be hacked.  This allowed the hackers access to a customer database.

So what has this to do with GDPR?  Well on May 25th of this year, once GDPR comes into force this could cost you not only the embarrassment of the hack but also a heavy fine.  4% of revenue to be exact.

So this should prompt you to check all CCTV, fish tank thermostats, more importantly you need to really think about whether you really need databases with people's data on it.  The spreadsheet, you built for an event, that customer list, because the more lists you have, the more likely if you get hacked you will end up fined.

What do you do with them?  Delete them.

That's why Witherspoon's the UK Pub group group deleted their customer database and said they would communicate with customers through social.