The General Data Protection Regulation (GDPR) takes effect on the 25th of May 2018. It places considerable new responsibilities on all businesses, large or small.
- There is a legal responsibility to make sure information is kept securely and with due care, and is restricted to only those who need it. There are heavy penalties for data breaches, and an obligation to report any breach.
- Individuals have a right to know what data is held on them, to get mistakes put right, to restrict processing, to have an extract of the data that can be taken elsewhere, and to erasure of that data.
- There is a need to attach an expiry date to each piece of data and remove it when no longer required.
These are all considerable challenges when building new IT systems, but how do we cope with existing legacy systems?
We can help your systems:
- Ask for and record consent for holding data
- Recognise and respond to individuals' requests to access their personal data
- Record if individuals are children and mark them as such
- Rectify and correct personal data and ensure it is accurate
- Implement expiry dates on data, and enforce an automatic data retirement process
- Securely dispose of personal data
- Restrict processing of an individual’s data on request
- Allow individuals to object to the processing of personal data