General Data Protection Act (GDPR)

Friday 22 June 2018 / in News, Uncategorized / by StevenMcPherson



GDPR – The Four Letter Word

As of the 25th May 2018, the world of data protection has changed.

The act will affect any business / organisation that shares, stores or uses personal data within the EU. The UK Government has advised that, once the UK leaves the EU (Brexit), GDPR will still be adhered to.

Personal Data is defined as “data that an individual can be identified by”.

“It won’t affect me, as I don’t hold personal data.” Simply not true. GDPR will affect every business within the EU and UK in one way or another.

There is a massive amount of detail to this ‘new’ Act, but for the purpose of this post, we will keep it simple and cover subjects relevant to our industry of Document and Records Management.

The first obstacle an organisation should overcome is completing a concise Data (Flow) Mapping of its information.

This involves the following:

  • What data do we have? Name, address, telephone, bank account, medical records, etc.
  • Do we have permission from the person the data refers to, to hold his / her details? Otherwise known as Consent.
  • Where is it? Is it held within our premises in storage cabinets / boxes / servers? At an off-site storage facility, such as box storage or a cloud / data hosting system?
  • Who is responsible for (the owner of) each type of data? For Human Resources it will be your HR manager, for Finance your finance manager, etc.
  • What form is that data in? Paper, electronic or even microfilm.
  • Why are we holding said data? How is that data used within our business, and is it relevant?
  • How long are we holding data for? Otherwise known as the Retention Period.
  • How do we go about Destruction of data?

Organisations should ensure they are doing all they can to eliminate the chances of a data breach occurring.

This includes such things as:

  • Relevant and effective Destruction policies and procedures.
  • Policies and procedures in place to ensure consent is obtained.
  • Up-to-date policies and procedures which clearly state how the company is GDPR compliant.
  • Possibly the most important: effective staff training. Ensure staff know how to handle data securely; an email policy as well as confidentiality agreements are all essential.

Here at McPhersons, we treat any data we are passed or generate with the strictest of confidence. As a company that processes our clients’ data, our reputation depends upon it. We have stringent systems and procedures in place to ensure not only that our staff are aware of their requirements, but that all data is secure at all times.

Updated Terms and Conditions, a Privacy Policy, Data Processing Agreements (DPAs), as well as Contracts and Confidentiality Agreements, are just some of the ways we ensure data is secure and that we remain Data Protection Act and GDPR compliant.

If you would like to find out more or to discuss how GDPR will influence your organisation’s data, please don’t hesitate to contact our team. Steven McPherson is our GDPR representative.