What is GDPR?
The GDPR gives EU citizens increased data privacy from 25th May 2018. The European Union created the GDPR to protect EU citizens' rights and their data privacy.
The GDPR is intended to ensure that your data is your correct data, which will limit organisations in the EU from accessing your personal data. It doesn’t mean there are limits to what you can do with your own data. From the 25th of May, all data belonging to you is your personal data only. Personal data is all data about you, including digital data, that can be used to identify you.
This type of data can be collected in various ways. This includes, but is not limited to, email services, information and content on various online platforms, including insurance information, online behaviour, personal contact information and activity on your mobile devices.
Basically, everything there is to know about you and your digital life.
Your data should be handled lawfully, fairly and transparently. You will have to give consent for every form of your information to be processed. Appropriate safeguards must be put in place to protect your data from being misused and to protect your data privacy.
A data protection officer will oversee and monitor the data controller and processor to make sure your data is handled appropriately. If you reside in the EU, your personal data will be protected by the GDPR.
Information about the data processing has to be given in easily understandable text outlining every single purpose of the data. Basically, terms and conditions will be restructured from legal text to readable text, making sure your consent can be withdrawn as easily as it was given. Furthermore, your right to data privacy is protected by default and by design.
GDPR Compliance and Policy
The European Parliament's General Data Protection Regulation comes into effect on 25th May 2018. This will strengthen data protection for EU citizens and bring new changes to how businesses approach information security, data privacy and information governance.
The legislation is pivotal for businesses operating in Europe because the GDPR sees the introduction of mandatory security notifications, which give citizens more freedom over how their personal data is used.
To achieve this, your company can take the following steps to start becoming GDPR compliant.
- One of the first steps you can take is to make employees aware of the GDPR and help them understand what it is and how it is going to affect your company.
- To help make sure your company is using private data correctly before the launch date, you can appoint a data officer.
- Introducing a GDPR handbook can help employees even further.
- You may have to audit your existing systems, procedures, contracts and suppliers.
- Having the correct procedures and good practice in place can make it easier to detect, investigate and report breaches of security.
The market-leading EU GDPR documentation toolkit contains a complete set of mandatory and supporting documentation templates that are easy to use.
How to demonstrate accountability under the GDPR
- Keep up-to-date documentation of processing activities.
- Appoint a data protection officer (DPO) if appropriate.
- Implement measures to meet the principles of data protection by design and by default.
- Implement appropriate technical and organisational measures (policies and procedures) to ensure and demonstrate compliance.
- Conduct data protection impact assessments (DPIAs) where appropriate.
To ensure full compliance with the GDPR, you may also need to review the following documentation and policies:
- Data protection policy
- Training policy
- Information security policy
- DPIA procedure
- Retention of records procedure
- Subject access request form and procedure
- Privacy procedure
- International data transfer procedure
- Data portability procedure
- DPO job description
- Complaints procedure
- Audit checklist for compliance
- Privacy notice
To find out more about how the GDPR affects the way you store your paper documents, how it may affect your scanned data stored in a digital format, and the steps you need to take to have your documents and records scanned in compliance with the GDPR, please contact us for further details.