Is your workplace compliant?
Five months on from the GDPR launch date, here at Laser Red we had one of our first team GDPR refresher sessions, which was provided by a local company, Info Lore. As part of being a GDPR compliant business, it is important to show a record of training and understanding from all employees. The depth and number of training sessions required depends on the job role and the level of data being handled. A great place to check this is the Sage website, which details different job roles from marketing and sales to accounts and finance.
What is the purpose of GDPR?
The main objective of GDPR is to protect EU citizens. As much as the topic is open to a lot of controversy, debate and even fear, its basic principles should not be mocked. With ‘data’ being a hot topic for a number of years, GDPR was brought in to help keep personal data safe and protect our identities. There has been an increasing number of data breaches across companies worldwide, which have led to sensitive information, including banking details, being leaked. These breaches called for a proactive approach to tackle these companies and bring all standards of data protection in line.
The Six Principles
Ensuring your company is GDPR compliant does not necessarily require a compliance officer or extra resources. Follow these six principles and you will be on track to protecting your business, employees and clients.
Lawful, Fair and Transparent Processes
Simply ask yourself, why? Why am I keeping or recording this information? If you cannot answer this, then minimise the risk by not recording it in the first instance.
As part of the new data laws, inaccurate or incomplete data must be deleted or amended within 30 days. If a client or employee requests that data be amended, you legally have 30 days to action this request. If you’re unsure whether the data is correct, it should be safely destroyed.
This links very closely to data minimisation: simply, if it is not required then do not keep it!
Integrity and Confidentiality
This links very closely to security. Where is personal and sensitive data stored, and how?
When it comes to data, ask yourself some basic questions:
- Why do I need this?
- What permissions do I have to store or use it?
- How am I going to protect it?
- When should I remove the data?