© Systems AXIS Limited,
axisfirst is a trading style of Systems AXIS Ltd. Head Office: AXIS House, 53/55 St Mary Street, Bridgwater, Somerset, TA6 3EQ. Registered Company 2370905 | VAT No. GB 515 8599 12
GDPR is an updated version of data protection act of 1984 for the 21st century and designed to protect the confidentiality, integrity, and availability of personal data.
GDPR is not designed as a barrier to conducting business, but as the framework of requirements which organisations must achieve to be compliant with the regulations, however, the way your business achieves this compliance will be individual and specific to your company.
Any information directly or indirectly relating to an identifiable or identified natural living person whether in private, professional or public life.
Identify by what means information comes into your organisation whether it be by post, fax, email, social media, website or via electronic data interchange.
You may legitimately share information with Banks, Accountants, Payroll Bureaus and other such organisations, check their policies and procedures to ensure they are ready for GDPR.
Knowing whether you are the “processor” or the “controller” of the data; sometimes you will be one or the other but for other types of data you may be both.
Having a clear retention policy that outlines what data you are keeping, for what purpose and for how long ensures you know how to respond to requests from a data subject to be forgotten.
It is no longer acceptable to keep data “just because”, you must inform people of the timescales of when their details will be destroyed and must be documented as to how you will destroy them.
GDPR introduces the principle of accountability. All staff who are involved with personal data will be held accountable for their actions and must therefore receive training appropriate to their role so that they understand the requirements of the regulation and the actions that they individually must deliver to remain compliant.
The concept of accountability is a golden thread across the management of personal data and organisations are required to develop and implement a needs-based data protection training programme for all staff. For companies that predominantly trade business to business, the data you hold within your HR records is likely to be the key collection of personal data. But it is equally important that you understand, documentation and communicate a clear and transparent policy with new applicants, existing staff and ex-employees in relation to their personal information.
Businesses are expected to put into place measures that include appropriate technical and organisational solutions to ensure transparency, accountability and governance and demonstrate compliance. Such measures should be designed to minimise the risk of data breaches and uphold the protection of personal data within the company.
Although there are ‘off the shelf’ solutions available to purchase, each still requires a degree of tailoring to fit the individual needs of each business implementing the package.
For the tailoring to be effective, the editor of the business processes must understand both the Regulations and the needs of your company. A cost-effective method of achieving this outcome is to work with a GDPR certified practitioner and combine your collective knowledge to build a suite of compliant procedural documentation which is relevant for the organisation.
Compliance will be assessed from 25th May 2018, non-compliance to the regulations carries the risk of financial penalties. The Regulations allow for fines levied against the company by the Information Commissioner’s Office plus claims for compensation and liability by any persons who can show that they have suffered material or non-material damage because of infringement of the legislation.
Both controllers and processors will be held liable for any data breaches and processes which infringe personal data security. To be exempt from liability, your business will need to prove that it has processes and procedures, including training of staff, in place which define and control how personal data is treated, and that you monitor the ongoing compliance of the data management processes and can prove such compliance. Records will therefore be key to all businesses for the ability to provide evidence to demonstrate compliance.
Our certified GDPR practitioners are here to help you get your business ready for GDPR.
Fill the form below for a FREE one hour consultation session.