What is GDPR?

January 23rd, 2018

The GDPR gives EU citizens increased data privacy from the 25th May, 2018. The European Union has created the GDPR to protect EU citizens’ data privacy along with their rights. The GDPR aims to standardise laws controlling data protection across all EU member countries and allow people to see how their data is being used.

This includes data from email services, online behaviour, activity on your mobile devices, personal contact information, and content on various online platforms such as insurance information.

Basically, everything there is to know about you and your digital life.

Your data should be handled lawfully, fairly and transparent to you. You will have to give consent for every form of your information to be processed. Appropriate safeguards must be put in place to protect your data from being misused and to protect your data privacy.

A data protection officer will oversee and monitor the data controller and processor to make sure your data is handled appropriately. If you reside in the EU, your personal data will be protected by the GDPR compliance.

Information about the data processing has to be given easily through understandable text outlining every single purpose of the data. Basically, terms and conditions will be restructured from legal text to readable text, making sure your consent can be withdrawn as easily as it was given. Furthermore, your right to data privacy is protected by default and by design

GDPR Compliance and Policy

The European parliament general data protection regulation comes into effect on the 25th MAY 2018. This will strengthen data protection for EU citizens and bring new changes to how businesses approach information security, data privacy and information governance.

The legislation is pivotal for businesses operating in Europe because GDPR sees introduction of mandatory security notifications which gives more freedom for citizens by how their personal data is used.

To achieve this, your company can take the following steps to start becoming GDPR compliant.

  • The one of the first steps you can take, make the employees aware GDPR and help them understand what it is and how it is going to affect your company.
  • To help make sure your company is using the private data correctly before the launch date. You can appoint a data officer.
  • Introducing a GDPR handbook can help employees even further.
  • You may have to audit your existing systems, procedures, contracts and supplier.
  • By having the correct procedures and good practice in place it can make it easier to detect, investigate and report breaches of security.

The market leading EU GDPR documentation toolkit contains a complete set of mandatory and supporting documentation templates that are easy to use.

How to demonstrate accountability under the GDPR

  • Keep up-to-date documentation of processing activities.
  • Appoint a data protection officer (DPO) if appropriate.
  • Implement measures to meet the principles of data protection by design and by default.
  • Implement appropriate technical and organisational measures (policies and procedures) to ensure and demonstrate compliance.
  • Conduct data protection impact assessments (DPIAs) where appropriate.

To ensure full compliance with the GDPR, you may also need to review the following documentation and policies;

  • Data protection policy
  • Training policy
  • Information security policy
  • DPIA procedure
  • Retention of records procedure
  • Subject access request form and procedure
  • Privacy procedure
  • International data transfer procedure
  • Data portability procedure
  • DPO job description
  • Complaints procedure
  • Audit checklist for compliance
  • Privacy notice

To find out more about how GDPR effects the way you store your paper documents, as well as how this may affect your scanned data stored in a digital format and steps that you need to take to have your documents / records scanned to GDPR compliance, please contact us for further details.