What is GDPR?
GDPR (General Data Protection Regulation) is coming on May 25th, 2018. It affects all of us that process or share information with businesses or other organisations.
For most of you who run a business, it is likely that you have heard of GDPR. GDPR is the replacement for the existing Data Protection Act that has been in place since 1998. Essentially, the regulations that are already in place are to be extended to include additional provisions and increased penalties. If you run a business in the United Kingdom or the rest of Europe, and you don’t know how GDPR affects you, now is a good time to find out.
This article does not attempt to go into all the legal intricacies of GDPR. For that it is suggested you contact a lawyer who specialises in data protection. Contact us if you need help finding a data protection lawyer.
When GDPR goes into effect and you run a business, you will need to be ready to comply with the new regulations. GDPR applies to:
- Personal information
- Family and lifestyle details
- Education and training
- Medical data
- Employment details
- Financial info
- Contractual information
If you use or keep any of the above information about your customers or employees, you are legally obliged to comply with GDPR. Even just a first and last name is personal information. The penalties for non-compliance are severe: as much as €20 million, or more for larger organisations.
So what does compliance mean? If you process personal data, you must lawfully process it. This is not an exhaustive list, but you are required to:
- Collect data only for specific, explicit and legitimate purposes.
- Only keep data that are adequate, relevant and limited to what is necessary.
- Make sure your records are accurate, and correct errors without delay.
- Don’t keep the data for any longer than necessary. In some cases, legal obligations will require retaining records for a number of years. If consent and legal requirements to keep the data expire, it must be erased.
- Keep the data secure. Secure doesn’t just mean password protected or behind a locked door. Data must also be encrypted when in transit or stored outside your organisation.
- Get permission from the person to process their data.
- Comply with a request for disclosure from the person within 30 days.
- Comply with a request for rectification from the person within 30 days.
- Comply with a request for erasure from the person (the right to be forgotten) within 30 days.
- If you made the data public or shared it with other organisations, you must inform the holder of the data that erasure has been requested.
- If you use personal data for direct marketing, get prior explicit consent. A pre-ticked box is not allowed to infer consent has been given.
- Make it easy for people to withdraw their consent to process their data.
- Inform people for what purpose and for how long you will be using their data. This means if you want continue to use their data beyond the time specified, you will need to get their consent again.
If you don’t have a system in place that complies with all the rules, you will need to get one. This can be manual, of course. However, manual processes will likely be burdensome, a may lead to errors.
- You may have a backup system. This has to be secure.
- If you get a request for erasure, this affects backups too. This implies backups will need to deleted when they are older than 30 days.
- Business performance analysis usually requires maintaining customer transactions and interactions for future analysis. This can be done by anonymising the data. Anonymising data means replacing any personal information with fictitious data or placeholders.
What to do about GDPR
Simply Digital has developed systems that allows organisations to comply with all of the GDPR and with ease. We can do this for you and streamline your business operations too.
- Would you like a system where complying with a request for erasure can be done clicking a single button?
- Would you like a system that allows to comply with GDPR with no extra burden?
- We can do all of this for you. Please contact us today.
<< Back to Previous page