Most organisations are concerned about the security of their information on the internet, so it is not surprising that on 25th May 2018, a new European privacy regulation, called The General Data Protection Regulation (GDPR), came into effect in the UK. As you can imagine, just about every organisation is affected. If your business collects data through a website or social media account, conducts email marketing or uses software that stores and manipulates personal data, you will need to take steps to ensure compliance.
GDPR Compliance & Bespoke Software
There is a lot of confusion about the law, so this article is a general guide to get you started. GDPR compliance for software applications is slightly more complex, as the actions needed for compliance will vary from program to program. It may be easier to ensure compliance for some third-party applications than for others. If in doubt, speak to us. We can advise on the best route to compliance for your current infrastructure or discuss bespoke solutions with compliance built in.
What Is The GDPR?
The idea is to protect individuals' personal data, and therefore their privacy, from inappropriate use by businesses and organisations. The main points of the law are:
- Right for individuals to access personal data and ask how it is being used. Information must be provided free of charge, if requested.
- Right to be forgotten. If you are no longer a customer, you can withdraw consent for a company to use your data, and even have data deleted entirely.
- Data portability. Individuals can transfer data from one service provider to another, and ensure it is done in such a way that the data is clear and usable.
- Right to be informed. Individuals must be informed and give consent to opt in before data is gathered.
- Data can be corrected or updated if out of date or incorrect.
- Right to request that information not be processed. An individual’s records can remain in place without being processed.
- Right to object and have processing stopped without need for explanation.
- Notification if there is a breach in the integrity of an individual’s information.
Many of these safeguards are already secured under the Data Protection Act (DPA) 1998. But unlike the DPA, in which many protections were implied and open to interpretation, compliance with the GDPR will involve adherence to stricter, more black-and-white rules.
What Can You Do To Make Sure Your Business Is Compliant?
So what can you do to ensure your company’s software is in compliance? Here are a few steps:
Step 1: Examine your current operations
Map out where your data comes from, what is actually being collected, and what you are doing with the data. Get documentation of everything to nail it down.
Step 2: Determine what you need
Another way to say this is: determine what you don’t need. Just as you would declutter your garage or attic, consider why each item of data is needed, why it is being saved, whether (and why) you need to collect the types of information you are collecting, and whether it costs more to delete than to encrypt. Only keep what’s needed.
Step 3: Develop safeguards
Wherever possible, make sure safety measures are baked into your processes to prevent data breaches. Also, have policies in place to take action quickly if something does happen. Make sure this is the case not just for your organisation, but for suppliers and any other companies you work with.
Step 4: Review and revise documentation
Remember that individuals can only opt in by giving consent to having their data collected. Therefore, any agreements or other paperwork that reference opt-out or implied consent must be changed. Likewise, examine the language surrounding any circumstances where data may be or is gathered.
Step 5: Establish your own set of procedures
Consider the eight provisions of the GDPR listed above and develop policies for your organisation to follow that will ensure all the rights individuals are guaranteed under the law are upheld. This will probably involve significant changes to your business processes.
At Brandon Cross we can walk you through this process as well as help you design and deploy the necessary software systems you will need for compliance.