15 Jun 23

Posted by Charlotte McArdle

Following GDPR Guidelines

The General Data Protection Regulation (GDPR) is a hot topic right now. GDPR is the toughest privacy and security law in the world. Even though it was drafted and passed by the European Union (EU), it imposes obligations on organisations anywhere, so long as they target or collect data related to people in the EU. Under GDPR, people have a fundamental right of access to their personal data from data controllers.

Types of data processed
In business there are 3 main types of data that are processed regularly. These are:

• Customer data
• Employee data
• CCTV

When dealing with this data the three key principles to remember are:

• Lawfulness
• Fairness
• Transparency

How to treat the data you process

• Purpose limitation
Personal data should only be collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

• Data minimisation
Processing of personal data must be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed.

• Storage limitation
Personal data should only be kept in a form which permits identification of data subjects for as long as is necessary for the purpose for which the personal data are processed.

• Integrity and confidentiality
Personal data should be processed in a manner that ensures appropriate security and confidentiality of the data, including protection against unauthorised or unlawful access to or use of personal data and the equipment used for the processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

The four main breaches of GDPR are:
• Unauthorised disclosures
• Unauthorised access
• Hacking
• Integrity

GDPR Guidelines
1. Know what data you have, where you have it and why you have it
2. Be transparent
3. Identify any risks
4. Know your processors
5. Manage any risks

Bright Contracts contains a 'Data Protection' section of the Company Handbook which can be viewed under the 'Introduction' tab. Download a trial of our software to see a sample of this content.
