There are eight different provisions within the General Data Protection Regulations (GDPR) which range from increased individual rights of access to personal data, to the obligation to inform people when a data security breach has taken place. Of course, many businesses would have already had data security measures in place that meet all of the requirements of the Data Protection Act (DPA) which dates back to 1998. Since May 2018, GDPR compliance for all organisations has been mandatory.
What are the key points you need to know?
1) Bespoke Software Needs Bespoke Solutions
All software proprietors must ensure that the programs they sell are compliant with the requirements of GDPR. If you bought software some time ago or it was tailored for your needs in the past, then it may not be up to scratch. Many software companies offer GDPR compliance updates for subscribing customers, but these may not be available for users of software whose proprietor has gone out of business or changed hands, or for older applications that are no longer supported.
2) Document Your Current Operations
Sometimes it may not be clear whether your organisation's actions are GDPR compliant or not. A mapping exercise of how data is sourced, stored and used will help you to sort this out and make sure that everything is fully documented for future reference.
3) Make Safeguarding Plans
Even the best run organisation could suffer a data breach. GDPR doesn't mean that data breaches will never happen, but they do place an onus on public bodies and private businesses to have plans they can roll out to help to prevent them. Does your legacy software allow you to seamlessly implement such a plan to minimise the risk of a data security breach?
4) Know What To Do
Reacting fast is the key to dealing with data breaches and requests from clients, with respect to their rights under GDPR. If you move slowly because your team don't know how to handle GDPR enquiries and data breaches, then you could face considerable fines. You need to ensure that your database or CRM is personalised enough to allow you to sort, categorise and ‘quarantine’ data on demand.
5) Ensure Clients Can Opt In To Data Collection
GDPR places the onus on anyone collecting personal data (e.g. for marketing purposes) to allow for informed consent. In other words, people shouldn't have their data collected routinely, but be afforded the option to actively opt in - for example, by ticking a consent box on your terms and conditions. Automatic opt-in is no longer an option under GDPR.
6) Deal With Incorrect Data
GDPR is not just about handling data breaches and dealing with information requests. You are under an obligation to manage your data properly, which means updating records that are found to be duplicates or incorrect. Knowingly holding outdated data also contravenes GDPR.
7) Personal Data Covers More Than You Might Think
Individuals have rights over their personal data under GDPR. This is more than their name, address and date of birth. Personal data includes any reference number which could identify a person, their location and indirect personal identifiers, such as physiological, genetic, economic or cultural factors.
Help Is At Hand
Although GDPR is sometimes seen as a minefield, compliance often means nothing more than bringing in some outside expertise. You may benefit from a bespoke data management application, or maybe a convenient UI that handles interactions between two or more legacy systems. Call the team at Brandon Cross for a chat without any obligations. You can also download our complementary guide - Secure Cloud Based Web Applications, by clicking here.