We’ve been round and round, up and down, left and right and all the way there and back again. We are GDPR’d up to the gills and we’re ready to take it head on!
Not everyone is in this position and we thought we’d give you access to the Caboodle font of knowledge. Here’s our GDPR ‘how to’.
We’ve answered your questions, we’ve given you a checklist AND we’ve even given you an all-singing, all-dancing Data Transfer tool. Now, don’t say we never do anything for you!
First things first: what is GDPR?
Over recent months many of you will have been bombarded with GDPR articles, emails, and newsletters, so we’ll keep it brief.
GDPR stands for The European General Data Protection Regulation and does exactly what it ‘says on the tin’. This is a new set of rules created by the European Parliament, the European Council and the European Commission. This new law has been designed to further strengthen data protection for all individuals.
Basically, GDPR is being implemented to give control of personal data back to individual citizens.
Yes, we mentioned the European General Data Protection Regulation. It will still be a valid law as Brexit is finalised. There is no getting out of it.
When does GDPR come in?
It becomes enforceable on May 25th 2018.
What exactly is Personal Data?
Personal data is defined as being any record that could identify an individual. This includes basic information such as name, phone number, address and extends into the world of digital identifiers such as IP address and cookie IDs.
What does GDPR mean to ‘actual’ people?
This new regulation aims at giving you power back over your own personal data. Your personal data is no longer ‘fair-game’ just because you clicked a tick box one time a long time ago…
- The right to be forgotten – Users will have the right to request that ALL data related to them that has been collected in the past be deleted completely!
- The need to provide explicit consent – Businesses have to explicitly and obviously ask users for all levels of permission to use, collect and process their personal details and data.
- Mandatory data breach notifications – if a data leak were to occur a business has to notify authorities and users within 72 hours.
- Privacy throughout – data protection is vital throughout any and all processes and development. (A good example of this in practice is our encrypted system!)
- Data Protection Officer – Larger businesses are now required to have someone dedicated to managing the protection of your data.
How are they ensuring GDPR happens?
This has created a much higher standard, which businesses must meet when dealing with all data. They’ve put two solid penalties in place should you fail to do so.
- A large fine of up to €20m
- 4% of global GDP
Why is GDPR happening?
The data protection laws came into play as early as the 1950s following the convention of human rights. It was then deemed that every person had the right to have respect shown to their private life. It was stated:
“There shall be no interference from a public authority unless there is a reason”
The ambiguity of such a statement was then backed up with some much-needed strengthening in the 80s, very much pushed on by the increased use of computers and automatic data processing! This was later updated in 1998 with the Data Protection Act, which sought to keep up with the computer revolution! This type of thing was repeated across many countries, each with their own take on the law… and THAT is why we find ourselves being introduced to GDPR! It sets out a list of minimum requirements to ensure that there is a set criterion that EVERY country has to follow, thus no leniency in the abuse of data online!
Having consistency in the law is more important than ever where personal data is concerned. Data breach is a real and serious thing. To demonstrate how important it is to protect personal data we’ve had a look back at what happens when you don’t.
As you can see, it is really important that everyone is up to date with these regulations and understands how to approach them. We’ve come up with a GDPR checklist for you to refer to when dealing with partners and third-party services to help ensure that you are all being GDPR compliant!
- Where are servers/cloud services located?
- What kind of data is it?
- Do you have a security/privacy certification which is in line with GDPR compliance and not just ‘self-certified’?
- Are users and other parties required to sign a data processing agreement?
- Do you have a deletion policy and records (an ‘electronic paper trail’) of all data activity?
- Do you offer your users an opt-out?
- Do you have a data privacy officer?
The checklist is here to help you make sure you cover everything.
There is a lot to this GDPR compliance and that’s why we’ve built a tool especially for this.
This helps you transfer electronic data securely to individuals within your business or to a third party. It logs all movement of any data you upload and send, giving you an electronic paper trail of your historic data transfers.
- Is Secure – your data is encrypted to bank-level encryption and the platform is sat on an SSL certificate
- Is easy to use – your data controller can set up staff level permission and third party level permission, each having their own limited access
- Logs all data movement – it logs when data is uploaded – who uploaded it, who it’s sent to, how long until the data will be deleted, who downloaded the data…
- Notifies – users will be notified via email that there is data to download from TransferData.co.uk
- Makes your business GDPR compliant – your business will be prepared when the ICO starts auditing businesses to be GDPR compliant