GDPR Compliance is Not A Afterthought

Here is the guidance from the ICO,by%20design%20and%20by%20default’.

The idea is that any system that is being worked on requires data protection by design and default.

This includes:

Asking permission from the user to use their personal information. If they need to opt in this needs to be explicit rather than assumed. (There are some circustances where permission is not required, but you need to make the owner of the data aware).

You should also record the version of the privacy notice that they accepted. If the terms change to include additional usage then permission needs to be requested again before the data is used. Permission may also be withdrawn.

The use, storage and processes must be clear. Breaches of these need to be reported to the authorities and affected users.

Fully doing this is not simple. There are benefits. This will typically require personal data to be held in a single place which can simplify processes (less duplication and inconsistency). The need to understand your internal processes will also help. It forces good communication practices.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s