If you run a business that retains personal data of any sort, the General Data Protection Regulation (GDPR) is probably something with which you’re becoming increasingly familiar.
This set of regulations comes into force on May 25th, 2018 and by that time all businesses covered by the new regulations will need to be compliant – so, to keep you up to speed on how these rules will affect our business, we’re going to publish a series of GDPR updates over the next couple of months.
What is GDPR?
For the uninitiated, GDPR is a European Union regulation aimed at strengthening an individual’s rights over how their data is used. The new rules will unify data protection law across the European Union and apply to organisations that process and store personal data. They will also herald a regime of tougher fines for breaches and non-compliance.
Does GDPR apply to me?
It applies to any organisation that controls or processes Personally Identifiable Information (PII), including organisations based outside the EU that handle data belonging to EU residents.
How does GDPR impact Publish Interactive?
Publish Interactive directly handles very little PII data, so the impact is likely to be minimal. However, we take our responsibilities in this area very seriously so we’re publishing this bulletin as the first step towards becoming GDPR compliant and letting our clients know what our plan looks like.
What happens next?
As we progress towards the compliance date we’ll publish regular updates about our activities. Of course, we’ll also provide customers, should they wish, with the opportunity to ask questions, seek clarifications, and input into the process.
Here’s an outline of the topics – and some timings – of what we’ll soon be publishing updates about:
- Use of PII by iReports: by early February, we intend to define and document what data will be collected by iReports and how, when and where it will be used within the software
- Third-Party Suppliers: by end of February, we intend to document and list any third-party suppliers who reference PII and link to their conformity statements
- Subject Access Requests: by late March, we’ll define and document our process for dealing with SARs – including the likely timeframe and methodology of obtaining requests for information
- Breach Notifications: we also intend to define and document the process for dealing with any breach notifications – ensuring time limitations are achievable and adhered to
- iReport Changes: we’ll also outline a plan for any changes that are needed to iReports (e.g. PII opt-in on registration) and detail the dates when this work will need to be completed
Aside from our updates, should you have any questions or require any kind of clarification we’d be delighted to hear from you.