FeatureIT and GDPR
The EU’s General Data Protection Regulation (GDPR) came into effect on 25 May 2018. Here’s some information on what the GDPR is, how it affects your business and what FeatureIT has done to comply.
What changes has the GDPR brought?
The GDPR is a new regulation designed to secure the personal data rights of EU residents. It imposes new rules on organisations that govern how they process and store personal data. The GDPR also provides individuals with certain rights over their personal data, including the rights to access, correct and delete personal data.
Individuals Have the Right To:
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export personal data
Processors Are Required To:
- Provide clear notice of data collection
- Outline processing purposes and use cases
- Define data retention and deletion policies
Processors Will Need To:
- Protect personal data using appropriate security practices
- Notify authorities within 72 hours of breaches
- Receive consent before processing personal data
- Keep records detailing data processing
Processors Will Need To:
- Train privacy personnel & employees
- Audit and update data policies
- Employ a Data Protection Officer (only required by those meeting certain criteria)
- Create & manage processor/vendor contracts
How does the GDPR affect your business?
The GDPR applies to any organisation that processes personal data of European Union residents irrespective of where the organisation practices from.
Here are some resources about how the GDPR affects small to medium businesses.
- Frequently Asked Questions about the incoming GDPR – A list of FAQs about the incoming GDPR.
- The EU General Data Protection Regulation – IT Governance outlines the key elements of the GDPR.
- Preparing for the GDPR – The Information Commissioner’s Office has released a 12-step checklist on getting your business GDPR-ready.
- Intersoft Consulting GDPR – Intersoft Consulting transformed the official GDPR PDF to a browsable version.
What has FeatureIT done about GDPR?
At FeatureIT, we understand the implications of the GDPR and see compliance as an opportunity for us to firm up our processes for all our customers and their data. Here’s what we’ve done:
- We have identified the areas in our product where we need to make changes in order to comply.
- We have engaged with our architecture and product teams to specify the changes required.
- We have mapped out our internal data flow and processes to ensure we are aware where all personal data is stored, transferred and processed.
- We have reviewed our contractual arrangements with our subprocessors and ensured their processes are compliant.
- We have started our internal awareness and training campaigns.