GDPR for you

Business / 28 February

Here at Point Blank we have a thorough knowledge of the upcoming rules for GDPR (General Data Protection Regulation), which comes into effect in May this year. Here’s the lowdown.

GDPR for Individuals / Users

GDPR is all about transparency, making sure you know exactly what you are signing up to. It is an effort to simplify the process for users so they do not have to trawl through a privacy policy that is longer than the US constitution!

As a user of a website, for example if you’re subscribed to your favourite news site’s daily briefing, you will have the right to be forgotten. This means the provider of this newsletter has to be in a position to easily delete your data when you request this. After May, expect to see more checkboxes when you sign up to a newsletter or subscribe to a service. This is because all users must provide consent, for example to be ‘subscribed’. Implied consent will no longer be enough: as a user you must actively opt in.

GDPR for your Business

Here is the fun part. As a business you are now legally obliged to keep a record of how you process data for your users. This may sound a bit scary, but if you are prepared it can be dealt with in an orderly manner.

Our organisation have performed a Data Protection Impact Assessment to describe, measure and assess risk in our data flows. We went through the following phases of a DPIA:

  1. Determine the information flows throughout the organisation
  2. Identify risks related to privacy and processing
  3. Privacy solutions to address the identified risks
  4. Assess how data protection principles have been applied throughout the organisation
  5. Sign off and record the DPIA
  6. Conduct regular reviews of the DPIA
  7. When there is a change in processing of personally identifiable information, perform a new DPIA to determine the necessity and proportionality of the changes in processing

The Data Protection Commission have a good article on a DPIA.

The popular newsletter service Mailchimp have a good article covering how they are dealing with the forthcoming changes. But if your newsletter signup forms are custom built and not a ‘hosted’ Mailchimp form, you will have to change how it functions. Google also have a good resource on their commitment to GDPR.

Limited Offer – 20% Discount on our GDPR review


This article is purely for guidance, and does not constitute legal advice or legal analysis.