On May 25th 2018, the EU General Data Protection Regulation (GDPR) came into effect in the UK. Since then we have seen a drastic change in the way our data is used (or not used). You will notice that even on our website, our forms contain privacy policy links as well as opt-in/opt-out options.
Regardless of whether or not your business has a privacy policy, are you also making sure your technology is compliant, and are you properly securing your customers’ data?
What Are The Key Principles of GDPR?
In order to guide your GDPR compliance, there are a few key principles that must be followed:
- Lawfulness, Fairness, and Transparency: You must have a lawful basis for why you want certain information about customers and a legitimate reason for using it.
- Purpose Limitation: You may only process personal data for the purpose it was collected for.
- Integrity and Confidentiality: Personal data may only be processed by the people who should have access to it.
- Data Minimisation: No more data than is needed should be collected.
- Accuracy: Take reasonable measures to ensure only accurate data is collected.
- Storage Limitation: Data must not be kept for longer than needed.
- Accountability: It is your job to take responsibility for complying with GDPR and for letting customers know should there be a data breach.
What Are The Customer’s Individual Rights?
Every customer has a right to their own data, and as a business, you cannot withhold that without their permission.
Individuals have the right to:
- The Right to Access: Individuals have the right to be sent a copy of their data.
- Rectification: Incorrect data can be rectified at the customer’s request.
- Erasure (right to be forgotten): At any time, a person has the right to withdraw their data and have it erased.
- Restriction of Processing: Individuals can choose how their data is processed or used.
- Data Portability: Customers have the right to obtain their personal data and reuse it with other services.
- The Right to Object: At any point, a customer can object to their data being processed.
Assessing Your Tech’s GDPR Compliance
So, you may be ticking the obvious GDPR boxes, like moving your paper data onto your computer and adding opt-in/opt-out buttons to your forms, but is your tech even secure?
- Data Collection: Evaluate whether your tech collects only the necessary data and whether users are informed about what data is collected and why.
- Consent Management: Review how your tech manages user consent, including obtaining explicit consent and allowing easy withdrawal of consent.
- Data Security: Assess the measures in place to protect personal data, such as encryption, access controls, and regular security assessments.
- Data Processing Agreements: Ensure you have agreements with third parties processing data on your behalf, outlining their GDPR compliance.
Consequences of Breaching GDPR
You might wonder, who enforces these rules, and what happens if I don’t comply? The Information Commissioner’s Office (ICO) does. The ICO safeguards the public’s informational rights and has the authority to impose necessary consequences.
- Fines: A Monetary Penalty Notice of £1,000 can be issued at first and “if you fail to comply with an ICO enforcement, you could be fined up to £17.5 million, or 4% of your worldwide annual turnover.” (Information Commissioner’s Office (ICO))
- Sanctions: An enforcement notice, reprimand, and/or suspension of data processing can be issued.
- Reputational Damage: GDPR breaches can damage customer trust and, in turn, lead to a loss of revenue.
Conclusion
Don’t run the risk of an expensive fine, damaged reputation, and losing your business. To ensure that your business’s tech is GDPR compliant and to get a full audit with solutions tailored to your business, contact us below.
For more details, visit the ICO website.