The General Data Protection Regulation (GDPR) came into force earlier this year and it’s crucial for all groups and businesses to be aware of what they need to do. Here’s a short guide to GDPR and details of how we can help.
What is GDPR?
The law replaces the 1995 Data Protection Directive, which previously set standards for how organisations process data. Processing means handling personal data, even just collecting names on forms or newsletter sign-ups. Personal data is information that relates to an identified or identifiable individual. Things that could directly identify an individual include names, numbers, IP addresses and cookie identifiers.
GDPR affects every company and organisation. Organisations that hold and process large amounts of consumer data (technology firms, marketers and data brokers) are likely to be most affected, but it also applies to non-profit groups and organisations. If you use a third party to collect data on your behalf, you still have a responsibility to ensure that they also comply with the regulations.
What does it mean for me?
As an individual, you will have much more power over your data. You can withhold consent for certain uses of data, request access to your personal information or delete your information from sites altogether. If you represent an organisation, it means you must have a valid lawful basis for processing data, explicit consent (people must actually tick something to agree to you holding or using their data), and evidence of both of these.
How can I get help?
Luckily, that’s where Eco-Tech can help. We can ensure that any website we design or maintain meets all requirements, and we can audit your own website to check it is compliant. We can review your policies, procedures and controls, make recommendations about what to do and, if needed, create policy documents and amend your forms (online and paper).