How To Stay GDPR Compliant
Here at DBSChecks, we believe that data protection matters. We have put together this article to help your business remain compliant with the General Data Protection Regulation (GDPR).
GDPR caused controversy when it came into force in May 2018. Now that the initial upheaval has settled, businesses need to make sure they have understood and applied their GDPR obligations.
Compliance with GDPR is an ongoing responsibility, not a one-off exercise.
GDPR can seem intimidating: a report by TrustArc found that only 20% of organisations believe they are compliant with it.
Whatever a company's intentions, it can drift out of compliance. Common causes include carelessness, conflicting priorities within the business, and undefined responsibilities.
To avoid these problems, businesses should regularly review their practices and take an organised approach to data protection.
Monitoring compliance with data protection
When assessing how effectively your business complies with the regulation, there are several areas to consider: who has been allocated responsibility for data protection, your record of processing activities, the technical and organisational measures in place, Data Protection Impact Assessments (DPIAs), incident response procedures, and contracts with third-party processors. The Information Commissioner's Office (ICO) provides a self-assessment toolkit with checklists that can help you measure your procedures against each of these areas.
The 7 Cornerstones of GDPR
The seven data protection principles set out in Article 5 of the GDPR should direct your business decisions whenever you handle personal data.
1. Lawfulness, fairness and transparency
Your business must identify a lawful basis under Article 6 of the GDPR for every processing activity it carries out.
Processing must be fair and transparent. You must be open with individuals about what personal data you are processing and how, and that information (typically your privacy notice) must be easy to find, read and understand.
2. Purpose limitation
Personal data must be collected only for specified, explicit and legitimate purposes, and must not be further processed in a way that is incompatible with those purposes.
If you want to use data for a new purpose that is not compatible with the original one, you must identify a lawful basis for that new purpose, for example by obtaining the consent of the individuals concerned, before you go ahead.
3. Data minimisation
Personal data must be adequate, relevant and limited to what is necessary for the purposes for which it is processed. Do not collect data simply because it might be useful later.
4. Accuracy
Personal data must be accurate and, where necessary, kept up to date.
Businesses should make this a priority: inaccurate data must be erased or rectified without delay once the inaccuracy is known.
5. Storage limitation
Personal data must not be kept for longer than is necessary for the purposes for which it was collected.
Retention periods should be documented in a data retention policy, and you must be able to justify each period you set.
Longer retention is permitted where personal data is kept solely for archiving in the public interest, scientific or historical research, or statistical purposes, provided appropriate safeguards are in place.
6. Integrity and confidentiality
This is the GDPR's security principle. You must have appropriate technical and organisational measures in place to ensure the security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. The measures must be proportionate to the risk, so a security risk assessment is a good starting point.
7. Accountability
Your business is responsible for what it does with personal data and for how that processing complies with the GDPR. To achieve compliance you must be able to demonstrate it, through appropriate measures, policies and records.
The ICO’s guide includes more information on GDPR compliance: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/
The DBS Code Of Practice
All businesses must follow data protection law, but those that receive or process DBS certificate information must also comply with the DBS Code of Practice when handling that data.
The DBS Code of Practice exists to ensure that criminal record information is used fairly and appropriately.
The Impact of Brexit
UK organisations must remain compliant with GDPR requirements both during and after the Brexit transition period.
The ICO's website keeps up-to-date information about the impact Brexit will have on data protection.
The European Commission must publish a report on its review of the GDPR by 25 May 2020. The European Council has released a draft position on the application of the GDPR as part of that review process.
Maintaining A Positive Data Protection Attitude
It is worth remembering that GDPR compliance is an ongoing process, and most businesses are on the same journey.
Rather than a daunting experience, it can be an opportunity to show that you take your responsibilities seriously and to demonstrate how you protect the rights of employees, customers and job applicants.
Well-organised data protection benefits your business: it builds confidence among employees, customers and everyone else whose data you hold, improves your reputation, and can save time and money.
To find out more about data protection and DBS Checks, contact one of our expert advisors today.