DEZINES Internet Solutions Limited has recognised that the General Data Protection Regulation (GDPR) Directive which becomes effective from 25th May 2018, will impact heavily on companies and organisations throughout the UK - many of whom do not have an effective management system to control the Personal Information they hold about their customers.

Overview of the GDPR Directive

The UK Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and importantly to individuals as security breaches by leading brands has become far more common.

In principle Personal Information Data should be processed lawfully, fairly and in a transparent manner. Additionally accuracy is also a key requirement as will be the security of how that Personal Information Data is stored. The Data Controller shall be responsible and able to demonstrate compliance with the GDPR principles.

There are some exceptions to GDPR e.g. Law Enforcement and matters of National Security, but in the main and just like the DPA (Data Protection Act), the GDPR applies to ‘Personal Information Data’. The GDPR’s definition is however more detailed, and makes it clear that information such as an online identifier e.g. an IP address, can be regarded as Personal Information Data. The more expansive definition provides for a wide range of personal identifiers to constitute Personal Information Data, reflecting the fast moving changes in technology and the way organisations collect information about people - particularly online.

For most organisations, keeping HR records, customer lists, or contact details etc, the change to the definition should make little practical difference. The GDPR applies to both automated Personal Information Data and to manual filing systems, where Personal Information Data is accessible. This is wider than the DPA’s current definition, so the changes are far reaching.

GDPR refers to sensitive Personal Information as “Special Categories of Personal Information”, although these are broadly inline with the current DPA.

Who does GDPR apply to?

The GDPR applies to ‘Data Controllers’ and ‘Data Processors’. The definitions are very similar to that under the current DPA i.e. the Controller says how and why Personal Information is processed and the Processor acts on the Controller’s behalf. If your company are currently subject to the DPA, then you will also be subject to the GDPR Directive from May 2018.

Lawful Processing of Personal Information

There is a great deal of relevant information about the GDPR on the Information Commissioner's Office (ICO) website that we encourage you to look at for all the details about Lawful Processing of PI and the other Key Areas of the GDPR, Accountability & Governance, Breach Notifications, Transfer of Data and National Derogations etc. This article is a 'head's up' that the GDPR will impact your company or organisation without doubt in 2018.

What can DEZINES do to help?

DEZINES Internet Solutions Limited is a company focused on providing the right technology to help companies and brands prepare for GDPR. Through our highly secure Platform as a Service (PaaS) website technology, we have a connected framework of solutions that help you manage Personal Information e.g. our inclusive Customer Relationship Management System which is directly connected to the front end of the public facing website, allows Personal Information to be collected via secure 256 Bit Encryption online forms and secure Transactional Payment orders, which then immediately create a new CRM record or update's an existing one  within the Platform. Historical information about the individual is securely stored on the platform - although as the technology is Level 1 PCI DSS 2.0 Compliant - no credit card mission critical data is ever stored. We provide a Certificate of Attestation to the compliance of the Platform.

Customers can provide consent when submitting online forms to authorise continued connectivity e.g. sending Newsletters which is also controlled from within the platform and directly linked to the CRM system. Our technology will send out 2nd stage verifification emails to ensure the individual does in fact provide consent. Individuals can access and control their Personal Information securely by accessing their online accounts. Our website developments always include detailed 'Cookies', 'Privacy' and 'Terms of Use' Policy statements, and we never pre-populate opt-in check boxes with a tick ... the individual always has to manually select such opt-in options ensuring compliance from early and quality interactions.

Furthermore as an Adobe UK Business Catalyst Partner since 2010, we have access to highly secure International Data-centres where our website developments are stored on the latest server technology. The Personal Information Data stored on the websites we build is therefore in a highly secure environment from the start. Additionally as hacking has become very relevant across the world, Adobe has developed its global engineering teams who swiftly react to any type of DDoS Attack for example, as well as respond in a timely manner to spontaneous and scheduled maintenance related matters in the data-centres. Adobe has a strong track record of protecting its server technology assets and we are determined to retain our UK partner relationship with them in the future. We ensure our customers are totally reassurred about the level of security we provide them.

We will be releasing information in the very near future about our exciting new service provision that gives a company an entire solution to help them trade and market themselves successfully online.

Please don't hesitate to Contact us if you have any questions about the GDPR Directive - we are focused on helping you understand the impact and what you can do to prepare for this important change, and importantly how our service provision has you covered in every way.

Let's talk.