On May 25th, 2018, the EU’s General Data Protection Regulation (GDPR) takes effect and becomes enforceable. The new regulation, formally known as EU 2016/679, replaces the Data Protection Directive, which dates back to 1995. All companies now have to consider how they process and store data.
To help companies adhere to the new rules, GDPR Data Safe has created a solution: a dynamic communication software and data storage platform. As an affordable retail data entry platform, it ensures that the processing of data at each customer touch point is completed lawfully and with specific consent, in line with GDPR rules.
From initial contact through to order forms, finance applications, product purchases and more, the platform provides your customers with specific, granular consent information, often with two-point authentication. All communication with customers is stored in a history file, with easy access for you to fulfil the GDPR individual access requirements.
The aim of the General Data Protection Regulation is to reinforce the data protection rights of the individuals, facilitate the free flow of personal data in the digital single market and reduce administrative burden.
The ICO (Information Commissioner's Office), the government organisation that enforces the Data Protection Act, has suggested 12 simple steps to get ready for the new GDPR rules. The information throughout this website aims to share information and workflows to support those planning steps.
The ICO has made the point in recent communications that GDPR is not just about fines: companies need to review and understand how they process, and gain specific consent for the use of, an individual’s data.
The higher sanctions (up to 20 million euros or 4% of global turnover) relate to the following Articles:
Article 5: Principles relating to the processing of personal data
Article 6: Lawfulness of processing
Article 7: Conditions for consent
Article 9: Processing of special categories of personal data (i.e. sensitive data)
Articles 12 to 22: Data subjects' rights to information, access, rectification, erasure, restriction of processing, data portability, objection and profiling
Articles 44 to 49: Transfers to third countries or international organisations
Article 58(1): Requirement to provide access to the supervisory authority
Article 58(2): Orders or limitations on processing, or the suspension of data flows
The questions companies should therefore consider are:
How can I minimise the risk and protect my business?
How can my business implement a technical framework to collect specific consent and lawfully collect data?
How can my business handle different data streams?
How can my business uphold the new regulations and define data collection and storage?
How can my business ensure the security and protection of personal data?
Data Protection by Design
The implementation of appropriate technical and organisational measures to show that you have considered integrating data protection into your processing activities.
You need to have an understanding of the following:
Integration of Data Protection
Implementation planning for GDPR
Data Risk Management
When a data risk assessment is necessary
An understanding of the data architecture
Protection by Design: Data Transparency
Your approach to information when collecting data under the GDPR:
Clearly understand how the data might be used
Information must be concise, easily accessible and in clear and plain language
The data controller will have to provide the mandated information and let data subjects access, restrict the processing of, and port their data
Notices addressed to children must be child-friendly
Consider the use of layered policies, with immediate and available information
Common use of icons throughout workflows to highlight key information points
Information you hold: Practical Data Audit
Where are your data sources?
Website
Advertisement
Sales process
Sales database
General database
Accounts
HR department
Third-party storage, communication tools, archives
Just because processing was permitted under the Data Protection Act does not mean it will be permitted under GDPR.
All businesses need to carry out a data audit in line with the changes:
Understand the types of data you hold
Analyse the personal data and determine the lawful purpose
Accountability: you are required to document the analysis of the lawful purposes for which your data is used and retained.
If you process high volumes of sensitive data there is a legal requirement to document the data you hold and to carry out and confirm a Data Protection Impact Assessment, which covers:
A description of the processing and the purposes of the data
Confirmation of the legitimate interests pursued by the controller
An assessment of the necessity and proportionality of the processing
An assessment of the risks to the rights and freedoms of data subjects
The measures envisaged to address the risks
All safeguards and security measures to demonstrate compliance
Indication of any data protection by design and default measures
A list of recipients of personal data
Compliance with approved codes of conduct
Whether data subjects have been consulted
Data Protection Officer (DPO)
What does a Data Protection Officer do?
Informs and advises on data protection obligations
Monitors the implementation and application of policies
Staff training
Appointing a DPO:
Designation of a single DPO for several organisations
DPO should be accessible
DPO should have the relevant expertise and skill and no conflicts of interest
DPO can be appointed on the basis of a service contract
DPO: review data controller or data processor contracts
An audit will be required of contracts with third-party processors to assess the compliant and lawful processing and storage of data.
Controllers and processors are equally responsible
Review data sharing arrangements and responsibilities
Review contracts where you appoint data processors
Direct obligations include testing the robust protection of data
Review your contracts where you are a data processor
Controllers' right to audit
Review third-party data security, breach reporting and service levels