The GDPR is EU legislation which has been driven by the ways in which data is now collected and used. It aims to unify data regulation throughout Europe, and give us all more control over what companies can do with our data.
“This means you need to review what information you store, how you store it and who has access to it, as well as processes and procedures for information retrieval and management. Your IT systems need to support your business processes, otherwise you could fall foul of the regulations and face severe penalties.” – Steve Birks, MD
One particularly important aspect of GDPR relates to individuals’ rights. For example, your organisation will need to have procedures in place to delete, amend, or provide personal data upon request. This will be simple for small businesses, but for those with data on 100+ individuals, the issue will require serious thought.
What are Individuals’ Rights in Relation to GDPR?
● The right to be informed. This deals with how transparent you are about the use of personal data
● The right of access. Customers will need to have access to the personal data you hold about them
● The right to rectification. People can have personal data rectified if it is inaccurate or incomplete. If you pass on information to other organisations, you must inform them of the need to rectify any inaccuracies
● The right to erasure. Also known as the right to be forgotten. This enables an individual to request the removal of personal data where there is no compelling reason for your organisation to continue using it
● The right to restrict processing. An individual will have the right to restrict the processing of personal data, which means you could store it but not further process it
● The right to data portability. This allows individuals to obtain and reuse their personal data for their own purposes across different services
The above is not an exhaustive list. There are other compliance aspects you will need to address through your business administration functions, business processes and IT. From data collection and management through to access, security and retrieval, your IT systems will play a crucial role in helping you to comply with GDPR. Without the right support, you could fall foul of the regulations, or find compliance particularly burdensome.
It is a good idea to start a thorough audit, so that you know what you need to do before the laws come into force in May. Also, check out our GDPR compliance checklist.
Getting Help to Prepare for GDPR
Our expert team can help you conduct an audit and set up your IT systems to support GDPR compliance. Please get in touch to discuss GDPR and its impact on your business in more detail. Alternatively, you can read our whitepaper, which gives useful information on the key principles of the Regulations.