Helping you comply

GDPR

by Karen Cockerham
HOW WE CAN HELP
Microsoft has committed to a GDPR-compliant Cloud by the 2018 deadline. If your data storage is not yet compliant, you need to act now.

The General Data Protection Regulation will take direct effect in the UK from 25 May 2018.

What is the GDPR?

The GDPR reflects technological changes in how data is gathered and used. It gives a far more detailed definition of personal data and introduces significant new requirements, particularly relating to children’s data and the rights of individuals. Organisations need to be thinking now about how they are going to meet the new regulations and may need to seek further advice on what data they should be storing.

What does it mean for me?

The changes in Data Protection legislation are an opportunity for companies to consider the data they store and the reasons for storing it. But the main concern on most people’s minds is that a breach of the new regulations can come with a fine of up to €20m or 4% of your global turnover, whichever is higher.

If you haven’t already got a plan in place for how you will comply, some of the key areas to consider include:

  • Lawfulness of processing
  • Individuals’ rights
  • Accountability & governance
  • Breach notification
  • Transfer of Data
  • Privacy by Design

How can we help?

Data storage & processing
One of the key things all organisations will require to ensure compliance is a quality CRM system to securely store and manage data.

Breach Notification / Data Portability
Data is stored in a way that allows it to be easily exported in a variety of formats and within the necessary timescales.

Help ensure compliance with the new regulations

  • Unique user IDs and log-ons to access the system
  • Ability to force re-authentication and/or auto log-off
  • Security roles to limit access to specific data
  • Daily backups to prevent accidental loss of data
  • Audit history logging
  • Database level encryption
  • Ability to extract statistical data without the personal data
  • Activity scheduling to prompt review/deletion of data

In particular, in relation to individuals’ rights:

  • Contact records that can be easily updated and deleted
  • Universal search by keyword for ease of updating/deletion
  • Ability to flag individual records to prevent processing
  • Marketing permission fields to limit methods of contact
  • Consent records stored against a contact
  • Portal access to allow individuals to update personal data and marketing permissions