Now at Gopher, we know you are quite possibly a little tired of hearing that dreaded acronym GDPR. From Wetherspoons, who decided to delete their entire mailing list, to the Sun, who bombastically claimed that “builders, cleaners and gardeners could face huge fines just for sending an email to drum up business thanks to draconian EU laws on data protection,” GDPR is everywhere, and seemingly affects everyone.
Now whilst there is a huge amount of scaremongering around GDPR, and we would highly recommend that everyone keep calm, if for no other reason than that we are British and it is what we do, undoubtedly change is comin’. And this is no truer than in the IT space, where business owners are going to have to be far more diligent and careful when dealing with data. So, at Gopher, we have come up with some simple, no-nonsense, easy-to-implement bullet points on dealing with GDPR that should make the entire process rather more palatable.
First and foremost, you need to make darn well sure that your staff and team members are fully aware of the law and its implications.
You need to know three things regarding your data:
- What personal data you hold
- Where it comes from
- Who you share it with
You may find it helpful to carry out a data audit to gain a proper grasp on your current situation, because with this knowledge comes the power to be fully compliant with GDPR.
- Privacy information
- Individual’s data
Under GDPR an individual has the right to request that their data be deleted, restricted, or made accessible to them. Not only that, but the data must be delivered in a structure that is commonly used and machine readable. It is worth checking your processes to see whether you have an infrastructure in place that allows you to easily carry out these tasks.
Here’s the biggie and the one we really can’t stress enough. You need active consent, so an individual needs to make a decision and tick a box that says they want you to keep their data. The old trick of having pre-ticked boxes or inferred consent is no longer going to work. This doesn’t mean you need to reprocess all your old data, but in dealing with any new marketing initiatives you need to be careful.
For the first time GDPR will regulate how we process the data of children, and may well require that a parent or guardian gives consent.
- Data breaches
As one of the most important facets of GDPR, you need to ensure that you are able to swiftly and effectively deal with any data breaches. This includes informing the ICO, as well as a whole host of other processes that certainly some of the larger corporates must implement.
- Data Protection Officers (DPO)
Not necessarily destined to be the most popular person in your office, the DPO should be trained and have a thorough understanding of the impact of GDPR, ensuring that your business remains compliant. You need one if you are:
- A public authority
- An organisation that carries out the regular and systematic monitoring of individuals on a large scale
- An organisation that carries out the large-scale processing of special categories of data, such as health records, or information about criminal convictions
We would highly recommend you take a look at this fantastic blog by the ICO which is full of helpful information on preparing for GDPR.
And, of course, if you have any more questions regarding GDPR please feel free to give a member of our team a call on 0330 223 1391 or drop us an email on firstname.lastname@example.org. Alternatively, for any IT support do take a look at our website here.