If you hold personal information on your IT systems then you need to ensure this data is secure.
The EU General Data Protection Regulation (GDPR) has applied since the 25th of May 2018, so your IT systems need to be compliant now. The penalties for breaking the regulation are severe.
KFA can help you identify what personal data you hold, where it lives in your business systems, and where those systems are insecure. We can write functions to remove or encrypt data, and encryption and/or archiving functions so that you do not hold data beyond its legal retention period.
Need help to ensure your business meets the legal requirements of the regulation? By applying a ‘Privacy by Design’ approach to new systems as they are developed, and by making the relevant changes to your existing systems, we can help you operate with privacy at the forefront.
Why Do I Need To Comply?
GDPR is an enforceable regulation that protects the personal data of individuals in the EU.
The previous Data Protection Act (DPA 1998) carried fines of up to £500,000 for the most serious breaches.
If your business is found to be in breach of GDPR the penalty for non-compliance can be far larger: fines of up to €20m or 4% of your global annual turnover, whichever is higher.
We think you’ll agree that’s reason enough to take immediate action.
What Do I Need To Do To Comply?
If you hold personally identifiable information (PII) on your IT systems (e.g. name, address, email, telephone number) then you need to ensure this data is secure. Note that GDPR’s term ‘personal data’ is broader than PII and covers any information relating to an identifiable individual, including online identifiers such as IP addresses.
You also need to be able to respond to ‘Subject Access Requests’, normally within one month, by providing detailed information on the personal data records you hold for an individual.
Equally, if individuals exercise their ‘Right to Erasure’ you have to stop processing their data, erase it in a timely fashion and be able to prove you have done so.
GDPR gives people greater protection and more control over what happens to their personal data. You should also be aware that the regulation doesn’t just apply to how your business collects and holds customer data; it is just as relevant to how you hold your employees’ data.
It’s crucial to establish whether your business acts as a ‘Data Controller’ or a ‘Data Processor’, as the roles and their obligations are quite different. Any controller–processor relationship must be governed by a written contract that clearly defines roles and responsibilities, because both controllers and processors can be fined for a breach of the regulation and the contract determines how liability is apportioned between them.
You should also consider whether your business has an obligation to appoint a Data Protection Officer (DPO) – for some organisations, this will be mandatory.
Carry out a Data Protection Impact Assessment (DPIA) to identify risks to personal information. A DPIA is mandatory when a new process or system is likely to pose a high risk to individuals’ rights and freedoms, for example large-scale processing of sensitive data or systematic monitoring.
Businesses must be able to honour the following rights of data subjects:
- The Right to be Informed
- The Right of Access
- The Right to Rectification
- The Right to Erasure
- The Right to Restrict Processing
- The Right to Data Portability
- The Right to Object
- Rights in relation to Automated Decision Making & Profiling (not to be subject to a decision based solely on automated processing)
KFA can help your business comply. We will:
- Help you identify security issues with your systems and provide recommendations to secure your data.
- Work with you to identify all the application database tables that hold personal data.
- Help you establish why you hold each item of data and whether you really need it, e.g. do you need customer order details beyond the warranty period?
- Write functions to remove or encrypt all of a customer’s data across your IT systems when requested, with audit reporting so you can prove the erasure took place.
- Write functions to retain the data you are legally required to keep, e.g. invoice data, while the rest is erased.
- Write encryption/archiving functions for your transactional data so you do not hold customer data beyond its legal retention period.
- Build new solutions using the ‘Privacy by Design’ methodology, so privacy and data protection compliance are prioritised from the start of development.
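The erasure, legal-retention and audit-reporting work described above, shown as an added example that is not KFA’s code or part of the original page. It assumes a hypothetical application schema (customers, orders and invoices tables), an assumed seven-year statutory retention period for invoices, and constructed sample rows in an in-memory SQLite database. A Right to Erasure request deletes the customer’s personal data, keeps only the invoices still inside the retention period (a legal obligation overrides the request), and writes a digest-protected audit row so the erasure can later be proven; a separate scheduled sweep removes invoices once their retention period has passed.

```python
"""Right-to-erasure routine with a legal-retention exemption and an audit trail.

Added example (not KFA's code). Schema, table names and the retention period
below are assumptions for illustration only.
"""
import hashlib
import json
import sqlite3

# Assumed statutory retention period for invoice records (illustrative value).
INVOICE_RETENTION_YEARS = 7

# Hypothetical application schema: customers and orders hold personal data with
# no retention obligation; invoices must be kept for the retention period.
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, phone TEXT, address TEXT);
CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, item TEXT, ordered_on TEXT);
CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer_id INTEGER, amount REAL, issued_on TEXT,
                       billing_name TEXT, billing_address TEXT);
CREATE TABLE erasure_audit (id INTEGER PRIMARY KEY, customer_id INTEGER, performed_on TEXT,
                            detail TEXT, digest TEXT);
"""


def open_db():
    """Create an in-memory database populated with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customers VALUES (1, 'Ada Example', 'ada@example.com', '01234 567890', '1 High St')")
    conn.execute("INSERT INTO orders VALUES (1, 1, 'Widget', '2023-01-10')")
    # One invoice inside the retention period, one long past it (constructed data).
    conn.execute("INSERT INTO invoices VALUES (1, 1, 19.99, '2023-01-10', 'Ada Example', '1 High St')")
    conn.execute("INSERT INTO invoices VALUES (2, 1, 5.00, '2010-03-01', 'Ada Example', '1 High St')")
    conn.commit()
    return conn


def retention_cutoff(today):
    """Return the ISO date before which invoices are no longer legally required.

    Dates are ISO 'YYYY-MM-DD' strings throughout, so they compare correctly as text in SQL.
    """
    return f"{int(today[:4]) - INVOICE_RETENTION_YEARS:04d}{today[4:]}"


def erase_customer(conn, customer_id, today):
    """Honour a Right to Erasure request for one customer.

    Personal data with no retention obligation is deleted. Invoices still inside
    the statutory retention period are retained (a legal obligation overrides the
    request) and listed in the audit record so the exemption is documented.
    Everything runs in one transaction and ends with a tamper-evident audit row
    that holds only the internal customer id, never the erased personal data.
    """
    cutoff = retention_cutoff(today)
    with conn:  # commit all of the changes below together, or none of them
        deleted_customers = conn.execute(
            "DELETE FROM customers WHERE id = ?", (customer_id,)).rowcount
        deleted_orders = conn.execute(
            "DELETE FROM orders WHERE customer_id = ?", (customer_id,)).rowcount
        deleted_invoices = conn.execute(
            "DELETE FROM invoices WHERE customer_id = ? AND issued_on < ?",
            (customer_id, cutoff)).rowcount
        retained = [row[0] for row in conn.execute(
            "SELECT id FROM invoices WHERE customer_id = ? ORDER BY id", (customer_id,))]
        detail = {
            "customer_id": customer_id,
            "performed_on": today,
            "deleted_customers": deleted_customers,
            "deleted_orders": deleted_orders,
            "deleted_invoices": deleted_invoices,
            "retained_invoice_ids": retained,
            "retention_basis": f"invoices issued on or after {cutoff} kept under legal obligation",
        }
        # Digest over the canonical JSON lets a later audit prove the record is unaltered.
        canonical = json.dumps(detail, sort_keys=True)
        digest = hashlib.sha256(canonical.encode()).hexdigest()
        conn.execute(
            "INSERT INTO erasure_audit (customer_id, performed_on, detail, digest) VALUES (?, ?, ?, ?)",
            (customer_id, today, canonical, digest))
    return detail


def audit_is_intact(conn, customer_id):
    """Recompute each audit digest for a customer; False if none exist or any was altered."""
    rows = conn.execute(
        "SELECT detail, digest FROM erasure_audit WHERE customer_id = ?", (customer_id,)).fetchall()
    return bool(rows) and all(
        hashlib.sha256(detail.encode()).hexdigest() == digest for detail, digest in rows)


def retention_sweep(conn, today):
    """Delete every invoice that has passed the retention period, for all customers.

    Run this on a schedule so retained data is not held past the legal period.
    """
    with conn:
        return conn.execute(
            "DELETE FROM invoices WHERE issued_on < ?", (retention_cutoff(today),)).rowcount
```

The single transaction matters: a half-applied erasure that deleted the customer row but left their orders behind would be both a compliance failure and invisible to the audit log. The audit row records counts and retained invoice ids rather than the erased values, so the evidence of erasure does not itself become a new copy of the personal data.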
Over 10% of our staff are qualified to GDPR Practitioner level. We understand and work with business-critical applications and the data within those applications every day – it’s what we do!
Read our blog post ‘GDPR – Are you ready?’ here
Get in touch
Want to learn more about how we can help your business with GDPR compliance? Then get in touch with our team today.