The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.

“The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commissionintend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC)[2] of 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.”



GDPR – What it means to us

In reality there are a number of key points that every organisation must implement. These are:

  • Make sure all key staff are aware of the change in the law to the GDPR.
  • Document all personal data that your organisation holds.
  • Review your privacy policy and update it in line with GDPR.
  • Check your procedures cover all individual rights, especially when it comes to having data deleted.
  • Update your procedures to reflect how you would handle an information request.
  • Identify your lawful basis for processing data.
  • Actively seek consent to hold data, ensure you follow a double opt-in process.
  • Put in place systems to verify age and obtain parental consent where applicable.
  • Put in place procedures to identify data breached.
  • Assign a Data Protection Office, they need to be ensuring your organisation is compliant on a continuous basis.
  • If you operate across international borders, ensure you comply with data protection guidelines.

One point that all organisations must ensure is that all suppliers and third parties delivering services for your organisation are also GDPR compliant.

One source we have found very useful is the Information Commissioner’s Office (ICO). Have a look at this link and it provides up to date information on GDPR and practical advise on what you need to do to comply.

We are constantly looking at our systems to ensure they meet all regulatory requirements and are currently updating them to ensure that by May 25th 2018, all our customers have compliant systems in place.

If you want to find out any more about how Simplekey Web meets GDPR regulations please contact us.