On May 25th, 2018, the EU’s General Data Protection Regulation (GDPR) takes effect and becomes enforceable. The new regulation, technically known as EU 2016/679, replaces the Data Protection Directive, which dates back to 1995. All companies now have to consider how they process and store data.
In order to adhere to the new rules, Simple data safe have created a solution that is a dynamic communication software and data storage platform. As an affordable retail data entry platform, it ensures that the processing of data under GDPR at each customer touch point is completed lawfully and with specific consent, in line with GDPR rules.
From initial contact through to order forms, finance applications, product purchases and more, the platform provides your customers with specific, granular consent information, often with two point authentication. All communication with customers is stored in a history file, with easy access for you to fulfil the GDPR individual access requirements.
The aim of the General Data Protection Regulation is to reinforce the data protection rights of individuals, facilitate the free flow of personal data in the digital single market and reduce administrative burden.
The ICO (Information Commissioner's Office), which is the Government organisation that enforces the Data Protection Act, have suggested 12 simple steps to get ready for the new GDPR rules. The information throughout this website aims to share information and workflows to support those planning steps.
Awareness: There have been rules in place to protect consumers since the Data Protection Act 1998. The key points to review in the new rules are:
Defined as a “natural person”, individuals have data rights.
11 chapters – 99 Articles
The ICO have made the point in recent communications that GDPR is not just about fines; companies need to review and understand how they process and gain specific consent for the use of an individual’s data.
The higher sanctions (up to 20 million euros; 4% of global turnover) relate to:
The implementation of appropriate technical and organisational measures to show you have considered the integration of data protection into your processing activities
Where are your data sources?
Just because it was permitted under the Data Protection Act does not mean it will be permitted under GDPR.
What does a Data Protection Officer do?
Appointing a DPO:
DPO: review Data Controller or Data Processor contracts
An audit will be required for contracts with third party processors to assess the compliant and lawful processing and storage of data
Controllers and processors are equally responsible