Are you ready for GDPR?

13 March 2018

On the 25th of May 2018 the European Union will start to enforce the General Data Protection Regulation (GDPR) legislation. The intent of the GDPR is to strengthen and unify data protection for all individuals within the EU. It also addresses export of personal data outside of the EU.

The GDPR also brings a new set of “digital rights” for EU citizens in an age when the economic value of personal data is increasing in the digital economy.

What is GDPR all about?

Right to access

Organisations must be able to provide (for free) a copy of an individual’s data if requested.

Right to erasure

The ‘right to be forgotten’ allows individuals to request that a data controller deletes their personal data.

Data portability

Under GDPR, individuals will be able to request access to their data ‘in an electronic format’, which they can transfer to another data controller.

Data breach notification

This means customers and data controllers must be notified of data breaches (leaks, hacks, or lost data – such as information on a lost USB stick) within 72 hours.

Privacy by design

Data compliance and data protection must now be considered from the start when designing new systems. Organisational and technical processes must be considered to ensure personal data is secure and that only data that is ‘absolutely necessary for the completion of duties’ is held.

Data protection officers

Public companies, or companies whose main activities involve data processing and monitoring, will now need to appoint a data protection officer rather than notifying local Data Protection Authorities of their activities.

Now we could go into the details and made-up percentages of companies in the UK which aren’t ready for GDPR, or regale you with horror stories of companies which haven’t even started to perform any kind of gap analysis of their systems, processes and compliance. But here at Mindfury, simplicity is always our primary focus, no matter how complex the problem.

You’ll be glad to know that many of the services you use probably already have you covered. Services such as G Suite from Google detail their commitment to GDPR.

But what about your internal systems? Those bespoke applications you use in-house which enable your business to function efficiently but that also process personal data. Contact us for a free review of your internal applications.

We have a great deal of experience in helping companies understand where their gaps are in getting ready for GDPR. We can help you ensure that you have a robust strategy to achieve compliance and, more importantly, maintain compliance. Because after all, GDPR isn’t just a deadline.

Third Party Compliance

Ask suppliers to detail how they will store/process data to ensure GDPR compliance.

Ensure there is a point of contact from each side, plus a process in place to manage any data breaches. Both sides must be able to react quickly to manage and respond to a breach in compliance with the ‘Data breach notification’ legislation.

Make sure to only collect data that is necessary, or falls under a ‘legitimate interest’.

Be sure it’s possible to delete data should you stop using a service, and that you can download your own data when requested.

At Mindfury all the development work we undertake is structured with GDPR in mind – right from the start. Contact Us to find out how we can help you.