March 7, 2019 Jesse Bickerton
Up until May 25, 2018 there were minimal guidelines surrounding personal information, especially regarding privacy. The previous Data Protection Directive from 1995 was limited. This is why the General Data Protection Regulation (GDPR) was created. Its goal is to ensure that personal information is handled properly.
The GDPR sets forth seven key principles:
The GDPR applies to individuals, organizations and companies. Depending on your role, you might be either a “controller” or “processor” of personal data. A “data controller” is one or more people who determine the purpose for collection and the manner in which data is collected or processed. A “data processor” is any person (not a direct employee) who processes the data on behalf of a “data controller.”
Data Processors are required to:
Data Controllers are similar to data processors but are only obligated to ensure that third-party contracts are compliant with GDPR and all standards are met.
GDPR applies to any business that processes the data of EU citizens. Businesses that track or collect personal information should employ a Data Protection Officer (DPO), whose role is to ensure the company complies with the GDPR. If a breach occurs, it should be reported to the Information Commissioner’s Office (ICO) within 24 hours or 72 hours at the most. You must also report details of the breach and how the breach will be contained and resolved.
Know what data you are collecting, where it’s from and why.
Make sure you have consent to collect and process personal information.
Is your data encrypted? Are you protected against a breach?
Make sure you have a procedure in place when people request their data. You have a month to respond to requests.
Employees should know who the DPO is and be trained to know what to do with personal information.
All suppliers and contractors need to GDPR compliant as well. Make sure contracts are updated.
Be honest about why you’re collecting personal information.
Although it sounds daunting, GDPR compliance regulations are here to protect personal information. Are you prepared?
Jesse Bickerton, RAVEN5, March 2019