GDPR

10 things to consider to ensure GDPR compliance

GDPR (the General Data Protection Regulation) was adopted by the European Union and took effect in the UK on 25th May 2018, where it is given effect by the Data Protection Act 2018. It goes much further than the UK data protection provisions that applied before that date (the Data Protection Act 1998) and lays down severe penalties for businesses that do not comply, and in some cases for their officers (directors, owners and sometimes managers) personally.

Fines can be as high as €20 million or 4% of worldwide annual turnover, whichever is higher. Following widely reported data breaches, the ICO announced its intention to fine British Airways and Marriott Hotels a combined total of roughly £280m (the penalties eventually imposed were considerably lower).

Further guidance is available on the website of the Information Commissioner’s Office (ICO).

GDPR affects BASDA (The Business Applications Software Developers Association) members both as companies which hold data, for example on their employees and customers, and as providers of business software which enables organisations to hold and process data on individuals. 

Historically almost any information could be held and maintained so long as it was not published. Now any information held about an individual must be held for a specific, legitimate purpose (for example, to fulfil obligations associated with providing a service), must be limited to what that purpose requires and, just as importantly, must be disclosed to the individual on request.

Below are 10 things from BASDA for a business to consider relating to GDPR.

1. I am a Data Controller. Do I have to register my activities with the Information Commissioner’s Office?

Yes, in most cases. Data Controllers that hold, maintain and process personal data must pay an annual data protection fee to the Information Commissioner’s Office (ICO) unless they are exempt (for example, some not-for-profit bodies, and organisations that process personal data only for core purposes such as staff administration, accounts and records, or advertising their own business). The fee currently ranges from £40 to £2,900 depending on the organisation’s size and turnover; the ICO provides a self-assessment tool to determine which tier applies.

2. Who exactly is covered by the provisions of GDPR?

Any living individual about whom a Data Controller holds personal data (in GDPR terms, a ‘data subject’), however that data was obtained. This includes employees; client staff; supplier staff; prospective client and supplier staff; people who are sent marketing information about the business’s own or third-party products and services; and so on.

3. What are my obligations when an individual asks to see the data I hold about them?

Individuals have a statutory right to access the personal data a Data Controller holds about them. This is commonly referred to as ‘subject access’. A subject access request for full disclosure of the information held can be made verbally or in writing (including by email or social media), and the business has one month to respond; this can be extended by up to a further two months for complex or numerous requests, provided the individual is told within the first month. Failing to respond, or responding with incomplete disclosure, can lead to regulatory action and significant penalties for the business. A fee cannot normally be charged, although a reasonable fee may be charged where a request is manifestly unfounded or excessive, or for further copies of the same information.

4. What information may I be required to deliver if I receive a subject access request?

Any personal data relating to the individual, whatever form it is held in: paper records, audio recordings, video recordings (for which direct copies are supplied) or ‘electronic form’. ‘Electronic form’ includes data held in databases, files (word-processed documents, spreadsheets etc.) and emails, whether in shared business mailboxes or individual ones. Where the request is made electronically, the information should be provided in a commonly used electronic format unless the individual asks otherwise; it may otherwise be supplied on paper. Personal data about other people contained in the same records may need to be redacted before disclosure.

5. How do I ensure internal compliance?

The first step is to

Amazon Hit with Record EU Data Privacy Fine

Amazon has been hit with a record US$886.6 million European Union fine for processing personal data in violation of the bloc’s GDPR rules, as privacy regulators take a more aggressive position on enforcement. The Luxembourg National Commission for Data Protection imposed the fine on Amazon in a …

Amazon fined $887 million for GDPR privacy violations

The Luxembourg National Commission for Data Protection made the decision on July 16.

EU hits Amazon with record-breaking $887M GDPR fine over data misuse

Luxembourg’s National Commission for Data Protection (CNPD) has hit Amazon with a record-breaking €746 million ($887 million) GDPR fine over the way it uses customer data for targeted advertising purposes.

Amazon disclosed the ruling in an SEC filing on Friday in which it slammed the decision as baseless and added that it intended to defend itself “vigorously in this matter.”

“Maintaining the security of our customers’ information and their trust are top priorities,” an Amazon spokesperson said in a statement. “There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.

“We strongly disagree with the CNPD’s ruling, and we intend to appeal. The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the


WhatsApp privacy case must be decided in a month, EU watchdog says

The agency, which leads oversight of Facebook because the company’s European headquarters are based in Ireland, has been investigating WhatsApp to see if it complies with transparency obligations specified by EU privacy rules known as GDPR.
