On May 25th 2018, General Data Protection Regulation (GDPR) is due to take effect standardising privacy and security across Europe, with a view to protect the rights of individuals. As businesses prepare for the new law, questions arise about software compliance….
What does GDPR mean?
General Data Protection Regulation is a data protection reform which will replace the current 1995 Data Protection Directive from 25 May 2018. It applies to all companies that collect, store or process data related to any EU resident and aims at unifying data protection for individuals within the European Union.
The key principles of GDPR include:
Right to access and be informed
You must obtain valid consent for data collection and clearly state processing purposes and use. Customers have a right to access their data at any time to check how it is being used and where it resides, which you need to provide within a month and free of charge.
Right to rectification
In cases where personal data is inaccurate or incorrect, your business must make appropriate changes within 30 days.
Right to be forgotten
A customer can request for his/her data to be deleted when they believe there is no compelling reason for continuous processing. This includes instances where “personal data is no longer necessary in relation to the purpose for which it was originally collected or when the individual withdraws consent”.
In an event of a data breach, the relevant individual has to be informed within 72 hours. If unaddressed, it is likely to result in damage to reputation and financial loss to the data controller.
What does GDPR mean for business?
GDPR requires businesses to introduce stricter control on where personal data is stored and how it is used for transparency and in line with individuals’ rights for personal privacy. This means that software, systems and processes must be reviewed to ensure compliance. According to Information Commissioner’s Office (ICO) you should:
Educate everyone within your organisation on the GDPR regulations.
Assess and document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
Update your internal policy and procedures to ensure your business is compliant.
Review your GDPR processes regularly to avoid unnecessary fines.
How can technology help with GDPR compliance?
GDPR has key demands that affect the technology choices and technical approaches that a business has to make. If you’re concerned about their ability to adhere, here we share how some of our software vendors and partners plan for GDPR compliance, which might help with managing your data practices.
Microsoft to simplify GDPR compliance
Through their cloud services and on-premise solutions, Microsoft is committed to maintaining privacy, security, transparency and compliance in order to adhere to the new regulation. This will include a plethora of tools and resources for areas including deletion, rectification, transfer of, access to and objection to processing of personal data. Furthermore, there will be a set of features to manage access to personal data and protect it from unauthorised access.
Sage and their GDPR journey
Sage is introducing a robust GDPR strategy focusing on its products and processes to remain complaint. Technological advances are being made to ensure secure data portability, record keeping and the right to erasure are in line with the upcoming legislation. This will be released as updates to the latest supported versions for users to incorporate these into their own compliance plans.
Workflow Group‘s GDPR services
Workflow groups offers a number of services to help businesses with compliance. This includes a security audit and a range of technical tools to protect data integrity such as digitalisation of paper-based data or secure printout release reducing the risk of sensitive printouts getting into the wrong hands.
GDPR: Who is responsible?
While software vendors will help you comply with GDPR by releasing relevant updates, it is important to recognise that compliance is a shared responsibility. This might include reviewing your tools, processes and expertise and making changes based on those findings.
Failure to do so could prove costly – as companies that do not meet the requirements could face reputational harm and substantial fines of 20 million euros, or 4 percent of annual worldwide turnover, whichever is greater.
This blog post should not be relied upon as legal advice on how to comply with GDPR. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organisation, and how best to ensure compliance.