The General Data Protection Regulation is a new set of regulations brought into UK law, with enforcement due to commence at the end of this month (25th May 2018). This concerns the handling, processing, usage and storage of personal data for any UK or EU citzen.
We wanted to provide some information for our clients based on our own research and understanding about what this new regulation means, and look to assist our clients in their own journey towards achieving compliance.
Who does this relate to?
GDPR concerns ‘data controllers’ who are the parties that determine the purpose and means of processing personal data, and ‘data processors’ who are responsible for processing the personal data on behalf of the controller. An example might be when Fifteen Ten produce a website for a recruitment agency client, we as the ‘processor’ are processing the data on behalf of our recruitment agency client, the ‘controller’. More information can be found on the relevant parties on the ICO website here.
Why does it matter?
GDPR is the most revolutionary change in data management in a generation, and means the policies, processes and practices around data control must be brought up to date to avoid increased fines.
The GDPR is intended to tighten the net on unscrupulous operators. Our lives are increasingly digital, and we give up an alarming amount of information about ourselves with little thought as to where it might end up. Recent high profile data breaches demonstrate that no website is 100% safe from malicious meddling, and the GDPR not only aims to catch those who are intentionally misusing data, but also those with incomprehensible terms, outdated software solutions and more.
As owners of our own personal data, as well as perhaps part of (one would assume if you’re reading this blog) a commercial entity who may also be involved in processing or controlling someone else’s personal data, it impacts numerous areas of our lives.
Is it easy to become compliant?
I’m afraid there’s no quick fix solution. The GDPR is wide ranging and impacts a number of practices. Each business is categorised differently, and practices can vary from one business to the other; so there’s no doubt it can be complicated and time consuming, though we believe the changes to be worthwhile in the long run.
How can we work towards our own compliance?
At Fifteen Ten we are not solicitors and thus you must seek professional legal counsel to advise on the nuances of your own operation. We have recently invested in an audit and overhaul of our entire policy framework; it cost a few quid of course, but we thought it necessary to ensure we're ahead of the game in terms of data protection. We encourage you to check back to our website in 7-14 days to review our new and improved policy documentation should you wish to.
Your own compliance will require a comprehensive review of your own practices and policies, ensuring your data management procedure is up to scratch. From our side however, there are steps we can help you with towards demonstrating that you take data protection seriously, which is a key component of GDPR compliance.
Steps such as adding encryption to your website in the form of an SSL certificate, engaging our technical support services to provide you with a safety net in case of future issues requiring investigation and more, or the development of contact forms that allow your subjects to request information and removal more easily; we are here to help and assist in any way we can.
Where can I find out more
There are thousands of resources online around GDPR, from video content through to white papers, brochures, blogs and the rest of it. We suggest you go straight to the most reputable sources, to ensure you’re getting useful information. We’ve listed three below.
Recruitment and Employement Confederation - GDPR Homepage
APSCo GDPR Toolkit
Or of course you can contact us on firstname.lastname@example.org should you require any further information on our own data processing practice, or if you require your details be adjusted or removed for any reason.