GDPR & Compliance
Our experience and innovation allow our partners to grow in safety.
What is GDPR?
The General Data Protection Regulation (GDPR) replaced the Data Protection Directive of 1995 and came into effect on 25 May 2018 as common law. GDPR applies to organisations doing business with the EU and deals with the protection of the personal data of EU citizens. GDPR requires that any breach of data is reported in the UK to the Information Commissioner’s Office (ICO).
The Rights of the Data Subject
Every business owner must be aware of their obligations to not only their customers but to their staff and business partners as well.
These Rights Include:
- Information: What data will be collected and what will be done with it
- Access: Allow the data subject to see the data after it has been collected
- Rectification: The data subject can have the data corrected after collection
- Erasure (right to be forgotten): Removal of data if there is no legal right to hold it
- Restriction of processing: No processing of held data if requested not to do so
- Notification of rectification or erasure: Inform other data processors of the data subject’s wishes
- Data portability: Ability for the data subject to easily transfer the data to another processor
- Object: Taking account of the data subject’s objections to what you hold and what you do with their data
- Object to automated decision making: Ask for a human to override decisions made by algorithms
The Role of the Data Protection Officer (DPO)
Through their normal working practices, each business collects a variety of types of information about the customers, staff and even other businesses that they work with. For those organisations that are required to have one, it is the responsibility of the DPO to ensure that their business remains GDPR compliant.
- May be a part-time or shared external resource
- Requires relevant knowledge and experience of data protection law
- Must have direct access to highest management level
- Must have no conflict of interest within the organisation (cannot work in your IT department)
- Monitors compliance and provides advice and guidance on issues of data protection
- Primary contact point with the supervisory authority (Information Commissioner’s Office)
- Must remain independent and not be influenced by an organisation
- Must be directly accessible by the data subject
- Must be bound by confidentiality
The Data Protection Impact Assessment (DPIA)
A DPIA must be performed where processing is likely to result in a high risk to the rights and freedoms of natural persons.
What does the Assessment Include?
- A description of processing and operations of the data
- An assessment of the necessity and proportionality of the processing
- An assessment of the risks to the rights and freedoms of data subjects
- The measures envisaged to address the risks
- Evidence of compliance with approved codes of conduct
- A statement as to whether data subjects have been consulted
Greenpoint will Guide You Through the Process
Each company is unique and our approach would reflect this.
However, there will be a general process that every business will take to GDPR compliance:
- The Assessment – Greenpoint will carry out a full DPIA of your business.
- The Plan – Taking the DPIA, we’ll work out what to do and how to do it.
- Implementation – We’ll initiate our plan to implement policies and procedures whilst putting in place services and solutions around your IT infrastructure to fill in your compliance gaps.
- Ongoing Support – We’ll inform you of regulation changes to help keep your compliance up to date.
Don't need the hassle?
We take care of everything!
Greenpoint approaches IT support from a forward-thinking standpoint, which means that, as a managed service provider, we implement preventive measures to avoid problems. MSPs deploy various remote monitoring tools that allow IT professionals to detect problems before they occur and implement solutions. Our outsourced IT services at Greenpoint are delivered by expert professionals and provide high-quality outsourced business support.