GDPR Data Protection.

GDPR 2018 is fast approaching, and here is all the information you need to know.

What is GDPR?

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and affects every organisation in the world which ‘processes’ or ‘controls’ personal information relating to individuals in the EU. Many of GDPR’s concepts and principles are similar to those of the Data Protection Act (DPA); however, there are new elements and significant enhancements which your organisation will need to implement.

Failure to meet the regulation can carry a hefty price. Personal data breaches must be reported to the relevant supervisory authority within 72 hours of the breach. Failure to notify a breach can result in a fine of up to €10 million or 2% of global turnover. The fine can also be combined with the ICO’s other corrective powers under Article 58. It’s safe to say that the cost of failing to meet the requirements far outweighs the time it takes to review your archives.

What you need to know

Many organisations tend to ignore or put aside their paper archives; however, these paper records should not be overlooked. One of the most significant changes between the DPA and GDPR is the set of rights individuals will have over their personal information. In particular, GDPR provides the following rights for individuals:

The right to be informed

The right to be informed encompasses an organisation’s obligation to provide ‘fair processing information’. Information relating to identity, controller details and the purpose of processing the data are just a few examples of what individuals must be informed about.

The right of access

Under GDPR, individuals have the right to obtain confirmation that their data is being processed, and access to the information itself. A copy of the information must be provided to the individual free of charge and without delay (within one month of receipt of the request at the latest).

The right to rectification

Individuals are entitled to have their personal data rectified if it is inaccurate or incomplete. If the information has been disclosed to third parties, the organisation must inform them of the rectification where possible.

The right to erasure

Individuals can request ‘the right to be forgotten’ in circumstances where: the personal data is no longer necessary in relation to the purpose for which it was processed; the individual withdraws consent; or the data has been unlawfully processed.

The right to restrict processing

Under GDPR individuals have the right to ‘block’ or suppress the processing of personal data.

The right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. The personal data must be provided free of charge and in a structured, readable form (for example, CSV files).

The right to object

Individuals have the right to object to processing based on legitimate interests, to processing for direct marketing, and in certain other circumstances, including processing for the purposes of scientific/historical research and statistics.

You may be processing more personal information than you think…

As expected, organisations which process personal information on a regular basis will feel the impact of GDPR most. Some of the organisations which will be most affected are:

  • Public and private medical practices that access patient records and files on a regular basis.
  • Banks and accountancy firms that store individuals’ personal information, specifically financial records such as bank statements and debit/credit card details.
  • HR departments, which store, access and manage personal data on a regular basis, for example employee records, payslips and appraisals.

What is classified as personal data?

GDPR clarifies that the concept of personal data includes online identifiers and location data, in addition to standard demographic information. This means that IP addresses and mobile device identifiers are now included as personal data and must be protected accordingly. Genetic and biometric data, including gene sequences, fingerprints, facial recognition data and retinal scans, are also classified as personal data and are therefore subject to GDPR.

If your organisation is processing any of the categories of data described above, you ARE affected by the General Data Protection Regulation.

Your solution

Now that you have the knowledge to comply with GDPR, it’s time to identify your solution.

Firstly, your organisation must appoint a dedicated person who is responsible for ensuring compliance is met. The selected employee must review all current and archived documentation, asking themselves the following questions:

  1. Can you access information you may need in a timely and cost-effective manner?
  2. How long would it take you to find this information?
  3. Do you know where this information is?
  4. How many copies of the document exist?
  5. Most importantly, can you adhere to GDPR if a customer exercises the right to erasure and you cannot find the information?

If the answer is NO to any of these questions, changes need to be made to your organisation, including implementing an effective records management policy to ensure compliance is met.

For more information on GDPR, please refer to the Information Commissioner’s Office’s guide at: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf.

Take control of your data by working with Storetec Services to discover your tailored scanning solution. Online access to digitised documentation lets you take control, allowing easy search, immediate and controlled access to the documents you need, and access to full audit trails. Storetec Services can assist with the scanning of any type of documentation you may have, in addition to document storage, secure document destruction and cloud-based document management solutions.

If you would like more information on GDPR policies or advice on how to ensure your company is compliant, please do not hesitate to contact us. Whether you require a quick chat or would prefer a face-to-face meeting, we can help.

How will GDPR affect your organisation?

In simple terms, GDPR will affect every organisation which holds personal information about people living in the European Union. This legislation will affect both the private and public sectors. Sector-specific guidance on how GDPR 2018 will affect your organisation is available for the following areas:

Professional and Financial
-Legal
-Insurance
-Accountancy
-Stock Market

Public Sector
-Health
-Government
-Education
-Not-for-profit

Manufacturing
-Construction
-Petrochemical
-Food
-Shipping

Facilities Management
-HR Files