GDPR Compliance is Not an Afterthought

Here is the guidance from the ICO

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-by-design-and-default/#:~:text=The%20UK%20GDPR%20requires%20you,by%20design%20and%20by%20default’.

The idea is that any system that is being worked on requires data protection by design and default.

This includes:

Asking permission from the user to use their personal information. If they need to opt in, this needs to be explicit rather than assumed. (There are some circumstances where permission is not required, but you still need to make the owner of the data aware.)

You should also record the version of the privacy notice that they accepted. If the terms change to include additional usage then permission needs to be requested again before the data is used. Permission may also be withdrawn.

The use, storage and processes must be clear. Breaches of these need to be reported to the authorities and affected users.
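The consent rules above (explicit opt-in, recording which privacy notice version was accepted, re-asking before any newly added use, and honouring withdrawal) map onto a small consent ledger. The following is an added example, not code from the post or from the ICO; the notice versions, purpose names and user ids are constructed for illustration.

```python
"""Consent ledger: records which privacy-notice version a user accepted, for
which purposes, and whether that consent has since been withdrawn.
Added example; versions, purposes and users are hypothetical."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, FrozenSet, Iterable, List, Optional

# Constructed sample: each privacy-notice version and the purposes it describes.
# v2 added a purpose, so users who accepted v1 must be asked again before it is used.
NOTICE_PURPOSES: Dict[str, FrozenSet[str]] = {
    "v1": frozenset({"account_service"}),
    "v2": frozenset({"account_service", "marketing_email"}),
}
CURRENT_NOTICE = "v2"


@dataclass
class ConsentRecord:
    user_id: str
    notice_version: str          # the notice text the user actually saw
    purposes: FrozenSet[str]     # purposes explicitly opted into, never assumed
    given_at: datetime
    withdrawn_at: Optional[datetime] = None


@dataclass
class ConsentLedger:
    # Full history per user, so an audit can show what was agreed and when.
    records: Dict[str, List[ConsentRecord]] = field(default_factory=dict)

    def record_consent(self, user_id: str, notice_version: str,
                       purposes: Iterable[str]) -> ConsentRecord:
        """Append a consent event; refuse purposes the notice never described."""
        wanted = frozenset(purposes)
        covered = NOTICE_PURPOSES.get(notice_version)
        if covered is None:
            raise ValueError(f"unknown privacy notice version {notice_version!r}")
        if not wanted <= covered:
            raise ValueError(f"purposes {sorted(wanted - covered)} are not in notice {notice_version}")
        rec = ConsentRecord(user_id, notice_version, wanted, datetime.now(timezone.utc))
        self.records.setdefault(user_id, []).append(rec)
        return rec

    def withdraw_consent(self, user_id: str) -> None:
        """Withdrawal is recorded, not deleted, so the history stays auditable."""
        now = datetime.now(timezone.utc)
        for rec in self.records.get(user_id, []):
            if rec.withdrawn_at is None:
                rec.withdrawn_at = now

    def latest(self, user_id: str) -> Optional[ConsentRecord]:
        history = self.records.get(user_id)
        return history[-1] if history else None

    def needs_reconsent(self, user_id: str, current_notice: str = CURRENT_NOTICE) -> bool:
        """True when the user never consented, withdrew, or accepted an older notice."""
        rec = self.latest(user_id)
        return rec is None or rec.withdrawn_at is not None or rec.notice_version != current_notice

    def may_process(self, user_id: str, purpose: str) -> bool:
        """Allow only purposes the user explicitly accepted and has not withdrawn."""
        rec = self.latest(user_id)
        if rec is None or rec.withdrawn_at is not None:
            return False
        return purpose in rec.purposes


def demo() -> Dict[str, bool]:
    """Walk through the cases the post describes and return the decisions."""
    ledger = ConsentLedger()
    ledger.record_consent("alice", "v1", ["account_service"])
    ledger.record_consent("bob", "v2", ["account_service", "marketing_email"])
    result = {
        "alice_service": ledger.may_process("alice", "account_service"),     # True
        "alice_marketing": ledger.may_process("alice", "marketing_email"),   # False: v1 never covered it
        "alice_reconsent": ledger.needs_reconsent("alice"),                  # True: notice moved to v2
        "bob_marketing": ledger.may_process("bob", "marketing_email"),       # True
    }
    ledger.withdraw_consent("bob")
    result["bob_marketing_after_withdraw"] = ledger.may_process("bob", "marketing_email")  # False
    return result


if __name__ == "__main__":
    for check, decision in demo().items():
        print(f"{check}: {decision}")
```

The key design choice is that processing is gated on the purposes the user actually accepted, not on whatever the current notice happens to say: a user who accepted v1 keeps the service they agreed to, the newly added purpose stays blocked until they are asked again, and withdrawal blocks everything while keeping the history for audit.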

Doing this fully is not simple, but there are benefits. It will typically require personal data to be held in a single place, which can simplify processes (less duplication and inconsistency). The need to understand your own internal processes also helps, and it forces good communication practices.
