GDPR: Remember Your Clients, Remember Their Rights
All organisations should now be working hard to prepare for GDPR with the deadline approaching on 25th May 2018.
Having covered the principles of GDPR and some of the ways the regulations will change the industry, in this article, we’ll take a look at the finer details that will be all important to an effective GDPR implementation and can be the difference between compliance and non-compliance.
Remember: It’s important that you work with your legal advisers, GDPR practitioner (Data Controller) and IT service provider to ensure you have right implementation for your organisation.
One of the most important aspects of GDPR is an individual’s rights, and specifically the right to be forgotten. The regulations clearly state how you should approach the processing of data, with particular attention paid to:
- Erasure – The removal of an individual’s data from processing activities.
- Anonymity – Changing all data that would make an individual identifiable.
- Pseudonymise – Changing all data such that an individual is not directly identifiable.
- Proof - Confirmation that certifies that the individual’s request has been processed.
When does this right apply?
Individuals have the right to request that data be erased so as to prevent processing, but this is not an absolute ‘right to be forgotten’. However, the request is broad is in its application, covering:
- Data that is no longer necessary in relation to the purpose for which it was originally collected/processed.
- Withdrawal of consent.
- Objection to the processing, with no overriding legitimate interest for continuing the processing.
- Unlawful processing (i.e. otherwise in breach of the GDPR).
- Erasure of data to comply with a legal obligation.
- Processing of data in relation to the offer of information society services to a child.
Being able to ensure that an Individual’s rights are upheld is important and our CRM technology includes features to help you comply with the regulations. The thinkCRM application has services to ensure erasure, pseudonymity or anonymity, together with a report to certify this has been executed.
To find out more about our products and services, and how the can help your business, please give us call or get in touch via our contact page.