The Business Exchange Swindon & Wiltshire Edition 34: Dec/Jan 2017/18 | Page 27

FOCUS ON GDPR

Here’s FIVE CRM’s guide to GDPR

What is it?
The General Data Protection Regulation (GDPR) is a new European ruling, which governs the data protection rights for all individuals within the European Union. It serves to strengthen and unify all data protection rules and practices across the EU.
What is changing?
GDPR will put the power back into an individual’s hands. They will gain the rights to access, amend, and restrict the personal data organisations have about them.
In the unfortunate event that an organisation suffers a data breach which could compromise the security of individuals’ personal data, those individuals must be told within 72 hours of the start of the breach.
Individuals also have the “right to portability”: the right to move data and services to another provider with no hassle or strings attached.
Consent
The greatest change within GDPR is the way consent is granted. Consent must be knowingly and willingly given by the individual, with organisations making their intentions for data use clear. Soft opt-ins, implied consent, and hiding data policies within confusing T’s and C’s are all against GDPR rules.
Organisations must keep a record of why, when and how they were granted permission. There must also be details of what they were told at the time. If oral permission was granted, a script of what was said will work fine; call recordings are not essential.
Right to be forgotten
Individuals will have the right to retract consent at any time, and have the “right to be forgotten”, which means that if they request an organisation to delete their data, it should be done immediately. It must be deleted from all backups, and the organisation should have proof of the deletion.
Right of access
Every EU citizen will have the right to ask how an organisation is using their personal data, where it’s used and why. They also have the right to request a digital copy of the data that is being held about them.
Right to object
All individuals will have a legal right to opt out of marketing communications. If an individual does opt out, you must withdraw them from that activity immediately.
Lawful reasoning
There are six allowable reasons for processing someone’s personal data. These are:
• You have the consent from an individual
• If it is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
• If it is for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• If it is to protect the vital interests of a data subject or another individual
• It is needed for compliance with a legal obligation
Who does it apply to?
The new regulation will apply to any organisation around the world that deals with EU residents. While there is a possibility it can change, it currently applies to both B2B and B2C.
What will you be able to do?
You can call and email organisations, as these are generic and not personal data.
The EU and ICO have not yet made clear whether you can contact potential clients through social media platforms.
Take action now
You must be compliant with this regulation by May 25, 2018, otherwise you could face penalties of up to €20 million or 4% of your company’s worldwide annual turnover (whichever figure is greater).
To find out more, you can receive a copy of their leaflet at https://fivecrm.com/gdpr-leaflet or take their GDPR quiz at https://fivecrm.com/gdpr-quiz
To book a demo of the new Personal Data Rights Management System go to: https://fivecrm.com/trial
@FIVECRM

CARDWAVE’S THOUGHTS ON GDPR

Paul Norbury, founder and Chief Executive of Devizes-based Cardwave Services Ltd, is a true expert when it comes to flash technology. Paul’s passion for flash memory began over 17 years ago, long before smart phones and tablet computers were invented, and before SD cards and USB drives existed!
Founded in 2004, today Cardwave is proud to be a market leader in the flash memory market, a trusted advisor and the go-to company for world-class companies in the automotive, IT, medical and many other sectors. Cardwave’s passion for data, and keeping it secure, also extends to products and services relevant to SMEs and individuals.
How can Cardwave help businesses prepare for the EU GDPR regulations?
There’s no denying that the GDPR is a big deal. We’ve known about the new legislation since April 2016 but worryingly data breach stats and research indicate that the majority of UK businesses are still far from ready. In October press headlines included “Heathrow probe after ‘security files found on USB stick’”.
Preparing for the new EU General Data Protection Regulations isn’t a quick or easy job, but the ramifications of not being ready don’t bear thinking about. One aspect of data security (and EU GDPR compliance) that you can tick off your list quickly, easily and at little cost, is that of keeping data safe on the move. Hardware encrypted USB3.0 flash drives, such as SafeToGo® from Cardwave, offer the perfect solution.
Tell us more about the relevance of SafeToGo and the EU GDPR
SafeToGo boasts AES 256-bit XTS hardware encryption, which prevents any unauthorised access and keeps your sensitive files 100% safe. This means that should a SafeToGo drive be lost or stolen, what could have been a serious data breach will be downgraded to just a security breach, and no fine will be incurred.
What have been the highlights of 2017 for you?
The company has continued to grow despite a difficult market, but a highlight has to be SafeToGo being named a finalist in the 2017 Computing Security Awards (Encryption Solution of the Year). Cardwave was also featured as a company of best practice within the Parliamentary Review (http://tinyurl.com/y9yaao5k); that is something I am very proud of.
And looking ahead at 2018, what are you excited about?
Firstly, and most importantly, Swindon Wildcats winning lots of silverware! (Note: Paul is a massive Wildcats fan/supporter, so much so that Cardwave is an official Swindon Wildcats sponsor.)
Business wise, 2018 is all about the EU GDPR and data security. We’re committed to helping businesses achieve compliance for data on the move ahead of May. SafeToGo can now be bought via our Amazon shop, as well as through our authorised distributors and resellers, and we’ll be launching SafeToGo Solo (an unmanaged option) for individuals and small businesses early in the New Year.
We’re also busy launching SmartDrive™ in the UK and Europe – www.smartdriveusb.co.uk. SmartDrive is a USB drive that delivers more: it is a self-updating flash drive that works with a Content Management System. This is a really exciting product and the functionality will benefit all sorts of businesses.
For more info: www.cardwaveservices.com
@Cardwave_svs