GDPR Compliance

What is GDPR?

The European Union has replaced the Data Protection Act 1988 (DPA) with the new General Data Protection Regulation (GDPR), which applies to all organisations that operate within the EU from 25th May 2018. The regulation is designed to improve the way that companies collect, handle, process and archive personal data such as accounts, HR files and customers’ confidential information.

Personal data that needs to be protected under the GDPR is any information about an individual who can be identified from that data, such as name, address or occupation. Sensitive data includes information such as racial origin, sexual orientation and political opinions.

What’s different about GDPR?

The GDPR is very similar to the DPA, but the new regulation introduces updated security requirements for processing and storing personal data. All organisations are expected to prove that they have implemented “Data Protection by Design and Default”, which is outlined in Article 52 of the GDPR. This implies that all companies will need to invest in additional technology, processes and training in order to secure and manage clients’ personal data.

A key change introduced by the GDPR gives individuals the right to request confirmation from the data controller as to whether their personal data is being used, where and for what purpose. Additionally, the controller is required to provide a copy of the individual’s personal data in the same format in which it was requested, whether electronically or by post. Individuals also have the right to be forgotten, that is, to have their personal data deleted from a database.

Another aspect that the GDPR prioritises is cyber security. This reflects the recent growth of social media, instant messaging and other digital communication platforms in day-to-day business, which involve customers’ IP addresses that can be linked to their location.

What does this mean for your business?

Because individuals now have the right to access and request their documents, organisations should be prepared to send, within 30 days, an electronic copy of the data that shows how the data is being used and for what purpose, where the request was made electronically. For instance, if the request is made via email, the information should be provided in a commonly used electronic format, such as a PDF.

It would be very impractical for businesses if a large number of people requested a copy of their personal data, as constantly sending the documents over would cost time and money. If the individual requests the copy by email, it is essential that an electronic copy is sent.

Scanview UK can scan your company’s documents that contain personal data, e.g. HR records that need to be managed efficiently, with an audit trail of how the data is being processed. The company can index the documents by employee name, which allows each file to be searched easily and sent over quickly.

Organisations are also expected to store personal data only where it is absolutely necessary, and only in secure premises. Scanview UK's archiving services provide a fully secured facility, with the ability to provide a full audit trail of all staff and processes.

How does Scanview UK comply with GDPR?

Although the regulation does not come into effect until 2018, the government is encouraging organisations to start taking measures now to ensure that all necessary processes and procedures are in place to meet these requirements.

In order to be GDPR compliant, Scanview UK will be able to demonstrate a number of data protection measures, including the following:

· A clear process for the indexing of storage projects, which allows a full index list to be provided to customers and enables quick, efficient and timely file retrievals

· All projects that Scanview UK publishes have an associated index list with the contents of each box, which allows file retrievals to be carried out quickly and efficiently

· Secure, encrypted file transfer via an SFTP connection to expedite the process of file retrievals

· Secure on-site shredding in line with the BS EN 15713:2009 Code of Practice, which allows the efficient destruction of documents with a full audit trail

· Customers are able to make requests and will receive a reply within 30 days

· Customers have the right to erasure and the right not to be profiled

· Data processors are now regulated in the same way as data controllers, with joint liability in the event of non-compliance

· All Scanview UK staff who handle personal data will be provided with adequate training, with a full audit trail

What happens to organisations that refuse to comply with GDPR?

Any organisation that fails to comply with the GDPR rules and regulations set out by the EU could face harsh consequences, such as fines of up to €20 million or 4% of the company’s annual turnover, whichever is greater.

Ensure your data is safe with Scanview UK

Scanview UK's secure archive facility has Redcare security systems, 24-hour CCTV and secure perimeter fencing.

The company’s scanning bureau is also accredited to ISO 9001 for Quality Management and ISO 27001 for Information Security Management. As well as holding Cyber Essentials Plus, Scanview UK is PCI compliant and is BS EN 15713 certified for the secure destruction of documents.

Outsource your company’s important and confidential documents to Scanview UK, with the assurance that all data will be handled, processed and archived securely through measures that are GDPR compliant.

© Copyright 2018. Web Design By Toolkit Websites