GDPR Directive May 2018
Written by Dezines Editorial on 9th September 2017
Dezines Internet Solutions Limited has recognised that the General Data Protection Regulation (GDPR) Directive, which becomes effective from 25th May 2018, will impact heavily on companies and organisations throughout the UK - many of which do not have an effective management system to control the Personal Information they hold about their customers.
Overview of the GDPR Directive
The UK Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and importantly to individuals, as security breaches by leading brands have become far more common.
In principle, Personal Information Data should be processed lawfully, fairly and in a transparent manner. Accuracy is also a key requirement, as will be the security of how that Personal Information Data is stored. The Data Controller shall be responsible for, and able to demonstrate, compliance with the GDPR principles.
There are some exceptions to GDPR, e.g. Law Enforcement and matters of National Security, but in the main, and just like the DPA (Data Protection Act), the GDPR applies to ‘Personal Information Data’. The GDPR’s definition is however more detailed, and makes it clear that information such as an online identifier, e.g. an IP address, can be regarded as Personal Information Data. The more expansive definition provides for a wide range of personal identifiers to constitute Personal Information Data, reflecting the fast-moving changes in technology and the way organisations collect information about people - particularly online.
For most organisations keeping HR records, customer lists, contact details etc., the change to the definition should make little practical difference. The GDPR applies to both automated Personal Information Data and to manual filing systems, where Personal Information Data is accessible. This is wider than the DPA’s current definition, so the changes are far-reaching.
GDPR refers to sensitive Personal Information as “Special Categories of Personal Information”, although these are broadly in line with the current DPA.
Who does GDPR apply to?
The GDPR applies to ‘Data Controllers’ and ‘Data Processors’. The definitions are very similar to those under the current DPA, i.e. the Controller says how and why Personal Information is processed and the Processor acts on the Controller’s behalf. If your company is currently subject to the DPA, then you will also be subject to the GDPR Directive from May 2018.
Lawful Processing of Personal Information
There is a great deal of relevant information about the GDPR on the Information Commissioner's Office (ICO) website that we encourage you to look at for all the details about Lawful Processing of PI and the other Key Areas of the GDPR: Accountability & Governance, Breach Notifications, Transfer of Data and National Derogations etc. This article is a 'heads-up' that the GDPR will impact your company or organisation without doubt in 2018.
What can Dezines do to help?
Dezines Internet Solutions Limited is a company focused on providing the right technology to help companies and brands prepare for GDPR. Through our highly secure Platform as a Service (PaaS) website technology, we have a connected framework of solutions that help you manage Personal Information. For example, our inclusive Customer Relationship Management System, which is directly connected to the front end of the public facing website, allows Personal Information to be collected via secure 256 Bit Encryption online forms and secure Transactional Payment orders, which then immediately create a new CRM record or update an existing one within the Platform. Historical information about the individual is securely stored on the platform - although as the technology is Level 1 PCI DSS 2.0 Compliant - no credit card mission critical data is ever stored. We provide a Certificate of Attestation to the compliance of the Platform.
Furthermore, as an Adobe UK Partner since 2010, we have access to highly secure International Data-centres where our website developments are stored on the latest server technology. The Personal Information Data stored on the websites we build is therefore in a highly secure environment from the start. Additionally, as hacking has become very relevant across the world, Adobe has developed its global engineering teams, who swiftly react to any type of DDoS Attack, for example, as well as respond in a timely manner to spontaneous and scheduled maintenance related matters in the data-centres. Adobe has a strong track record of protecting its server technology assets and we are determined to retain our UK partner relationship with them in the future. We ensure our customers are totally reassured about the level of security we provide them.
We will be releasing information in the very near future about our exciting new service provision that gives a company an entire solution to help them trade and market themselves successfully online.
Please don't hesitate to Contact us if you have any questions about the GDPR Directive - we are focused on helping you understand the impact and what you can do to prepare for this important change, and importantly how our service provision has you covered in every way.