GDPR Overview

The GDPR (General Data Protection Regulation) is the EU Regulation that replaces the 1995 EU Data Protection Directive (DPD). It significantly strengthens the protection of the personal data of EU residents and increases the obligations on organisations that collect or process personal data. It applies from 25th May 2018. The Regulation builds on many of the 1995 Directive's requirements for data privacy and security, adds several new provisions that enhance the rights of data subjects, and imposes heavy penalties for breaches of data protection rights. We began working on GDPR in October 2017 and continued right up to GDPR day, 25th May 2018. During that time we updated our server and hosting infrastructure, rewrote our policies, prepared our GDPR policy and trained staff. Most importantly, we carried out significant work on MindaClient to help our clients comply with GDPR. Please check out our video.

GDPR Checklist

Are you ready for GDPR? This is a short overview of some of the items you need to address for your organisation. You should consult the Data Protection Commissioner's website for more details; a definitive checklist can be downloaded from there.

You need to ask yourself a number of questions about how personal data is collected, stored and used in your organisation:

List the categories of data subjects and of personal data collected and retained, e.g. current employee data, retired employee data, customer data (sales information), marketing databases, CCTV footage.

On what lawful basis do we hold each category of data? Did the data subject sign up to a newsletter (consent)? Are they an existing customer whose data we process under our contract with them, in which case consent may not be the appropriate basis?

Where we rely on consent, do we have the consents we need, and were the data subjects informed of the specific purpose for which we will use their data? Were we clear and unambiguous about that purpose, and were they informed of their right to withdraw consent at any time?

Are we recording the lawful basis on which each item of personal data is held, and is that basis still valid at this stage?

Are we ensuring that we hold personal data for no longer than is necessary and that we keep it up to date? Do we have a policy for keeping data accurate, and have we defined the timeframe and criteria for disposing of it? Do we have a documented retention period for every item of personal data we hold about customers, prospects and employees?

Are we keeping the data safe and secure, with a level of security appropriate to the risk? For example, will encryption be required to protect the personal data we hold? Are we limiting access so that the data is only used for its intended purpose? Who in our organisation has access to it, and is that access reviewed?

Are our staff trained in all relevant areas of our GDPR policy so that they handle personal data in a compliant manner?

Are we transferring any personal data outside the EU and, if so, do we have the required safeguards in place for that transfer?

Do we have procedures in place to handle requests from data subjects to access, rectify or erase their personal data? Do we have procedures to anonymise or delete data if a data subject asks us to? Do these procedures comply with the new rules under the GDPR, including the timeframes for responding?

Do we have a Privacy Policy in place and, if so, does it need to be updated to comply with GDPR?

Where third-party vendors process personal data on our behalf, such as an online accounts system or CRM system, have we ensured that our contracts with them have been updated to include the processor requirements under GDPR?

GDPR Compliance

MindaClient has always attached great importance to Security, Data Protection and Data Privacy. When the General Data Protection Regulation was announced we committed to reviewing our infrastructure, our policies and the MindaClient system itself. We identified three areas of work:
  1. Review our web hosting and security infrastructure.
  2. Review existing policies and write the new policies required under GDPR.
  3. Review the Data Protection Commissioner's requirements to identify what work we needed to carry out.
We also needed to communicate our policies internally, through staff training, and externally, by informing our clients. We commenced our GDPR project in October 2017, starting with our infrastructure and progressing to policies and requirements. Over the last six months we have had an average of one and a half people working on the GDPR project in MindaClient. Further details on our GDPR compliance can be viewed here.

GDPR and MindaClient

The following table outlines the new legal requirements for the processing of personal data and describes how MindaClient can help you to become GDPR compliant.

Please note

The information on the MindaClient GDPR web pages is not intended as a legal interpretation of the GDPR and should not be relied upon as legal advice. It is intended to:
  • provide information
  • outline what MindaClient can do to help you become GDPR compliant
  • outline how MindaClient is complying with the GDPR
You are advised to seek your own legal advice and to consult the Data Protection Commissioner's website.