GDPR Compliance in 2019

GDPR Compliance in 2019

 March 7, 2019      Jesse Bickerton

Up until May 25, 2018 there were minimal guidelines surrounding personal information, especially regarding privacy. The previous Data Protection Directive from 1995 was limited. This is why the General Data Protection Regulation (GDPR) was created. Its goal is to ensure that personal information is handled properly.

GDPR Compliance in 2019

The GDPR sets forth seven key principles:

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitations
  6. Integrity and confidentiality
  7. Accountability

The GDPR applies to individuals, organizations and companies. Depending on your role, you might be either a “controller” or “processor” of personal data. A “data controller” is one or more people who determine the purpose for collection and the manner in which data is collected or processed. A “data processor” is any person (not a direct employee) who processes the data on behalf of a “data controller.”

Data Processors are required to:

  • Keep and maintain up-to-date personal data records.
  • Implement and maintain security measures
  • Directly responsible if a breach occurs

Data Controllers are similar to data processors but are only obligated to ensure that third-party contracts are compliant with GDPR and all standards are met.

GDPR applies to any business that processes the data of EU citizens. Businesses that track or collect personal information should employ a Data Protection Officer (DPO), whose role is to ensure the company complies with the GDPR. If a breach occurs, it should be reported to the Information Commissioner’s Office (ICO) within 24 hours or 72 hours at the most. You must also report details of the breach and how the breach will be contained and resolved.

Tips for Business Owners

  1. Understand Your Data

Know what data you are collecting, where it’s from and why.

  1. Consider Consent

Make sure you have consent to collect and process personal information.

  1. Security Measures

Is your data encrypted? Are you protected against a breach?

  1. Access Issues

Make sure you have a procedure in place when people request their data. You have a month to respond to requests.

  1. Train Employees

Employees should know who the DPO is and be trained to know what to do with personal information.

  1. Other Parties

All suppliers and contractors need to GDPR compliant as well. Make sure contracts are updated.

  1. Fair Processing

Be honest about why you’re collecting personal information.

Although it sounds daunting, GDPR compliance regulations are here to protect personal information. Are you prepared?

Want more information? Here’s some more information about the General Data Protection Regulation. We are all Marching into the Digital Marketplace, so best be prepared.

Jesse Bickerton, RAVEN5, March 2019

Resources

https://ico.org.uk/media/for-organisations/guide-to-the-general-data-protection-regulation-gdpr-1-0.pdf

View All