GDPR & Data Security

GDPR Countdown - May 25th 2018


The General Data Protection Regulation (GDPR) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
It is imperative that key personnel in your organisation are aware that the law is changing to the GDPR, and start to factor this into their future planning. They should start to identify areas that could cause compliance problems under the GDPR.

Are You A Data Controller?
In essence, you are a data controller if you can answer YES to the following question: Do you keep or process any information about living people?
Your Legal Responsibilities
You have certain key responsibilities in relation to the information which you keep on computer or in a structured manual file about individuals.
Safe & Secure
The security of personal information is all-important. It will be more significant in some situations than in others, depending on such matters as confidentiality and sensitivity.
Time is Critical
This requirement places a responsibility on data controllers to be clear about the length of time for which data will be kept and the reason why the information is being retained.
Fair Obtaining and Processing
This is the fundamental principle of data protection. If your organisation wishes to keep personal information about people on computer, then you must collect the information fairly, and you must process (or use) the information fairly.
Specifying the Purpose
You may not keep information about people unless it is held for a specific, lawful and clearly stated purpose. It is therefore unlawful to collect information about people routinely and indiscriminately, without having a sound, clear and legitimate purpose for so doing.
Keep it Accurate and Up-to-Date
You must ensure that the personal information you keep is accurate and up-to-date. Apart from ensuring compliance with the Acts, this requirement has an additional importance in that you may be liable to an individual for damages if you fail to observe the duty of care provision in the Act applying to the handling of personal data.
Adequate, Relevant and Not Excessive
The personal data you keep should be enough to enable you to achieve your purpose, and no more. You have no business collecting or keeping personal information that you do not need, “just in case” a use can be found for the data in the future. You should not ask intrusive or personal questions, if the information obtained in this way has no bearing on the specified purpose for which you hold personal data.
Retain it no Longer than is Necessary
Nowadays information can be kept cheaply and effectively on computer. This requirement places a responsibility on data controllers to be clear about the length of time for which data will be kept and the reason why the information is being retained. If there is no good reason for retaining personal information, then that information should be routinely deleted. Information should never be kept “just in case” a use can be found for it in the future.
Give a Copy of His/Her Personal Data to any Individual, on Request
You are also obliged to explain to the data subject the logic used in any automated decision-making process where the decision significantly affects the individual and the decision is solely based on the automated process.

In A Nutshell - What Is A GDPR Audit?

What Happens Next?

Once you get in touch, one of our representatives will contact you to arrange a site visit to carry out the audit. We will ask a few simple questions about your current setup etc.

What Do We Receive?

We will provide you with a detailed document outlining your current data security situation and the steps required to improve it.

How Long Will It Take?

We will be on-site for up to 4 hours carrying out the audit but will not cause any downtime for you. We may ask a few questions and take over each computer for a few minutes.

Can You Fix Issues For Us?

Of course! We have a team of highly qualified data protection specialists ready to solve any of the issues that arise during the survey.

Data Protection in Schools

Data protection is the means by which the privacy rights of individuals are safeguarded in relation to the processing of their personal data. Therefore, schools must be aware of the legal duties placed upon them when collecting or processing personal data. Schools bear a considerable responsibility and accountability for the development of young people, for the implementation of Government policies and for the expenditure of State funds. Schools accumulate substantial amounts of personal information about pupils, parents, staff, management and suppliers. It is therefore particularly important for schools that appropriate and up-to-date policies and procedures are in place for the protection and proper use of all such accumulated data and records.

What can I do NOW to prepare for the GDPR?

It is imperative that key personnel in your organisation are aware that the law is changing to the GDPR, and start to factor this into their future planning. They should start to identify areas that could cause compliance problems under the GDPR. Initially, data controllers should review and enhance their organisation's risk management processes, as implementing the GDPR could have significant implications for resources, especially for more complex organisations. Any delay in preparations may leave your organisation susceptible to compliance issues following the GDPR’s introduction.

Ready to find out more?

Drop us a line today to discuss your requirements.