GDPR: Compliance beyond the deadline
After years of careful planning and preparation, the compliance deadline for the General Data Protection Regulation (GDPR) is now here but is your organisation ready to successfully maintain compliance beyond May 25th?
By now organisations have devised and implemented a data retention plan, changing the way they record and store personal data. ‘Transparency’ and ‘accountability’ have been the main elements enforced by the new EU data protection law meaning all organisations that deal with personal data have to demonstrate strict requirements for capturing an individual’s consent. Organisations that are not compliant with the GDPR face fines of up to €20 million or 4% of annual revenue, (whichever is highest).
Although GDPR compliance is a constant process and requires a cultural change in the way we think about personal data, organisations should not see the new regulation as a scary one or as a threat to business. GDPR is an opportunity to deliver excellent customer service and increase digital trust.
So what is personal data? And how can Bonafidee help organisations stay GDPR compliant? Personal data is “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. Organisations are now forced to be more transparent with the sensitive data they hold and are required to document how they process personal data. Bonafidee Advanced e-Forms allows users to do just that. Bonafidee obtains the appropriate consents, verifies ID, captures data and then delivers a comprehensive data file with the evidence necessary to prove who, how and when the form was completed and signed. Accessed from the safety of Bonafidee’s dedicated web portal it provides all of the tools necessary to create professional, templated or customised, interactive forms allowing complete control over the data needed.
Organisations must also look at their security procedures to make sure that they do not fail to meet the new standards. The GDPR message is clear - don’t take risks with your customers’ data. Organisations need to think about their service providers and partners carefully. Where is data stored and who has access to it? GDPR dictates that organisations must be able to find and process the personal data of their customers with visibility, responsibility and accountability. With that in mind cloud storage may not be the best solution. Using the cloud to store data means that the exact location of data is unknown without investigation, meaning any questions of location cannot be answered quickly. For these reasons Bonafidee chooses to store its’ data securely on dedicated private servers so the location of sensitive data is known at all times. Bonafidee have complete control and visibility over all aspects of their server environment which is an advantage over cloud based storage.
Francis Lang, Founder at Bonafidee says “Once data is uploaded into the cloud, organisations may have no control over where data is then replicated and further backed up. The exact location data is stored therefore becomes an unknown. Bonafidee store all data on our own managed and dedicated infrastructure in IL3/4 rated data centres in the UK. This decision not only allows us to know where exactly geographically our data is but who has access to it. Under GDPR’s “right to be forgotten” Bonafidee will not only keep its customers’ data safe but will delete it if instructed to, giving our customers full control of their data. Using Bonafidee Advanced e-Forms enables customers to capture the data in the first instance and be completely in control of capturing consent. This results in a tamper evident audit trail to provide legally enforceable evidence and ensuring GDPR compliance”.
 ICO. (Information Commissioner’s Office) “Key definitions”