Make sure you’ve had the right GDPR advice

The GDPR regulations have been in force for one month now and it’s great to see so many organisations large and small taking on board the message that individuals’ personal information is a privilege to process and not a right. But for every exceptional measure we’ve also seen some poorly put together privacy policies that fail to pass GDPR standards, either using inappropriate lawful bases, not declaring the use of third party processors, not notifying individuals of personal information obtained not directly from them, or just outright misuse of personal information.

GDPR: May 25th

Are you GDPR Ready?

The GDPR came into force on May 25th 2018. If you are still not compliant, contact us immediately!

Time is running out

The General Data Protection Act will come into force across Europe on May 25th 2018.

Any organisation that processes personally identifiable information will need to be compliant with the GDPR.

Time is running out, but we can still help you get your documentation and processes ready to meet your GDPR requirements.

GDPR doesn’t apply to me

The GDPR does not apply to you if you’re just managing information for purely personal or household activities. So you don’t need to worry about keeping the window cleaner’s details in your phone.

However, if you are a business of any size and you manage personally identifiable information, the GDPR will apply to you.

What is personally identifiable information?

The GDPR says that Personally Identifiable Information is any information that can be used to identify an individual.

This can be directly (like a person’s name or email address) or indirectly (such as a client reference number, or IP details).

Common types of personally identifiable information you may use are things like employee details, customer and supplier information, cookies used on your website and emails.

But my only contacts are other businesses

In reality, this is probably not the case.

Most people have personal information for their business contacts, such as their name, position in the company or personalised email address.

What do I have to do?

You need to make sure you have documented how you collect and manage personal data, stating what safeguards you have to protect that information, and how it’s going to be used.

You need to identify a lawful basis for using the information, and make sure it is only used for that purpose.

And you need to know where the information is, who has access to it and how you can manage it if you receive a data subject request.

#WeCanHelp

There’s a lot of work that needs to be done getting GDPR compliant. We can take the burden off you and create the policies, documentation and processes you need to make sure your organisation is compliant.

We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.

Contact Us Today!

Some of the GDPR specific services we offer include:

  • Data Protection Officer Services
  • Policy Writing
  • Data Handling
  • ICO Registering
  • Process Monitoring
  • Process Assessment

ICO Regulatory Action Policy

The Draft Regulatory Action Policy

The ICO have opened consultation on their Regulatory Action Policy, which sets out how the ICO will deal with the organisations it regulates under various legislation, including the General Data Protection Regulation (GDPR or the Data Protection Bill as it will be in the UK once we leave Europe), the Freedom of Information Act and the Privacy and Electronic Communications Regulations (PECR).

GDPR

General Data Protection Regulation

Regulation EU 2016/679, known as the GDPR or The Data Protection Act 2018 in the UK, relates to the use of individuals’ personally identifiable information.

What is Personally Identifiable Information?

Any information that can be used to identify an individual directly or indirectly is personally identifiable information and so covered under the GDPR.

Common types of Personally Identifiable Information are:

  • Names
  • Email Address (personal ones and business ones if they identify the individual such as joe.blogs@company.com)
  • Address
  • Unique Reference Numbers
  • Registration Plates
  • Photos
  • Phone Numbers

Some types of Personally Identifiable Information have a special category status. These include things like:

  • Health Information
  • Biometric Information
  • Sexual information
  • Religious Information

If you handle any of the special category information, you need to provide additional levels of security and have explicit consent from the data subject to process it.

Do I handle Personally Identifiable Information?

If you have any of the following, it’s likely that you are handling Personally Identifiable Information:

  • Employee Information
  • Customer Information
  • Prospects Information
  • Suppliers Information

What do I have to do to be compliant?

You need to make sure you are registered with the ICO as being compliant to handle Personally Identifiable Information.

You need to make sure you know how your organisation is processing information under the GDPR: where it is coming from, how it is being used, who has access to it, where it goes, and how long you hold it for.

You need a Privacy Policy to document how you are managing the security of the information you have. In this you need to identify the lawful basis for processing the information, and keep records of how you have come to the lawful basis, how you have processed information, and how you have ensured the security of the information.

You need a Privacy Notice to notify the individuals whose information you have about how you have obtained that information, how you’re going to use it, your lawful basis for using it, how you’re going to protect it and how they can submit requests to update or prevent processing on it.

You also need a means of monitoring your information store, either paper based or digital, that can identify when a breach happens. A breach could be as simple as accidentally deleting information or it could be as serious as someone unauthorised getting access to the information.

Responding to individual requests

Individuals have various rights to their data depending on your lawful basis for processing. You are required to respond to these requests in 30 days, and without any fee. You must provide any information in an easy to access format, and explain any technical terms used.

Responding to individual requests is something you should have a documented process for. This will save you time and trouble if and when you receive any requests, and will help keep you compliant with the GDPR.

#WeCanHelp

There’s a lot of work that needs to be done getting your organisation GDPR compliant. We can take the burden off you and create the policies, documentation and processes you need to make sure your organisation is compliant.

We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.


General Data Protection Regulations

Data Protection Act 2018

The GDPR UK implementation and the UK Data Protection Act 2018 govern how organisations can process personally identifying information.

If your organisation needs to process personal information, it needs to be registered on the ICO database, and have a Data Protection Policy in place detailing the use of personal information.

Personal Information is any information that can identify an individual, such as employee names, customer IDs or CCTV footage.

If you need help assessing your GDPR compliance, contact us immediately for a GDPR review.

GDPR: What it means to everyone else

What is all this GDPR?

It’s not just businesses that need to know about GDPR. The GDPR is all about you.

The GDPR is a set of new regulations that says how organisations can collect, use and store data about you. It also states what rights you have to your data, and how you can get hold of the data any organisation has about you.

GDPR: Photos & CCTV

General Data Protection Regulation

If your primary business is photography, have you considered the impact the GDPR is going to have on you and how you operate?

What about if you have CCTV that monitors and records an area that members of the public can access?

GDPR: Business to Business

Business to Business marketing

The GDPR covers information that identifies individuals only, so any business to business marketing would not be covered as long as the details are generic and don’t identify an individual.

So if the email address was sales@businessname.co.uk that would be fine, as no individual is identified. However, if your contact is j.bloggs@businessname.co.uk then you are identifying an individual and therefore GDPR does apply.

That doesn’t mean you can’t send marketing materials to them. There are several bases for consent that could apply depending on the situation, as long as the information you’re sending is relevant, expected and not intrusive.

Business Cards

The GDPR will apply to business cards if they contain an individual’s personally identifiable information, like their name (and what business cards don’t have names on them!) and if you store them in an ‘organised filing system’.

That could apply to a Filofax, rotadex or similar system, or if you input the details into a digital storage system, like your phone or PC address book. It’s slightly less clear if the information is ‘stored’ loose in your drawer or desk.

Again, the GDPR offers means to ‘store and process’ this information in this way, you just have to be aware of it and make sure you don’t use the information in a way that would be unexpected. It might be expected to pass the details onto an interested third party, say a work colleague, who might want to make contact with the individual. It would probably not be expected for you to pass that information onto a third party marketing company that has no relation to you or your business.

GDPR: What about our existing data?

When the Data Protection Act is replaced by the GDPR, what is going to happen to your existing data? Will you need to contact everyone to get permission to hold their data? What about if they don’t respond?

General Data Protection Regulation

May 25th – Are You Ready?

On May 25th 2018, Regulation EU 2016/679, better known as the General Data Protection Regulations (GDPR), will come into force in the EU, and will have an impact on organisations worldwide that deal with personal information from EU citizens. GDPR is the successor to the Data Protection Act in the UK, which has been around since the 1980s.