GDPR – What are we doing to get ready?
Since the Data Protection Act 1998 was introduced, the world has changed… just slightly. Smartphones, webcams, apps, email marketing, voice recognition, facial recognition, Facebook… the list goes on. Yes, I know at this point you are thinking, "yes granddad, it’s called technology and life moves on!" And you’re right.
However, the main point here is that the Data Protection Act is simply not fit for purpose in our technology-filled lives. It’s nearly 20 years old! Yep, back in the good old days, when you had to use a pencil to rewind your cassette tapes. (Ah, to be a millennial.)
GDPR is being introduced on 25th May 2018 and will change the way we use and store personal data completely! I’m not going to write paragraph after paragraph of boring jargon until you are bored to tears; I’m just going to highlight some of the key points in the new legislation, which should be confirmed by the Government early next year. This will be just a small extract, so if you want the full details, head over to the ICO website: https://ico.org.uk/
What are the key points?
“Rights of individuals under the GDPR”:-
· Consent – OK, so this is the big one. Under GDPR an individual now needs to give their consent for you to be able to process and store their personal data. Without that consent, the organisation can’t use it.
But there are exceptions. Organisations can also process personal data where the processing is necessary:
1. In relation to a contract which the individual has entered into
2. Because the individual has asked for something to be done so they can enter into a contract
3. Because of a legal obligation that applies to the data controller
4. To protect the individual’s vital interests (this only applies in cases of life or death)
5. For administering justice, or for exercising statutory, governmental, or other public functions
6. The processing is in accordance with the ‘legitimate interests’ condition
· Right to withdraw consent – Unless there is a legal/contractual requirement for your personal data to be processed and stored, you can withdraw consent at any time in writing.
· Right to be informed – You have the right to ask why your personal information is needed, on what basis, how it will be stored, etc.
· Right to data portability – This simply means that any information you have given to the data controller can be transferred to another party at your request at any point.
· Right to object – You have the right to object to the processing of your personal data and sensitive personal data, should there not be a legal/contractual reason for it to be processed.
What are Sheldon Phillips doing in preparation for GDPR?
As a recruitment company, there is already a ‘legitimate interest’ for us to process your personal data: if you come to us looking for a job and we can’t process your personal data, the search won’t go very far! However, as we provide Qualified Social Workers into the public sector (local government, for example) and the work involves working with vulnerable children and adults, we have a legal/contractual obligation to conduct background checks to verify your suitability to work in such a post.
To ensure that your data is completely secure, we file all of your documents within our CRM, which is called BOND Adapt UX. BOND store your documents on their secure servers, which are not onsite with us in our offices, giving you added comfort that if anything happens to our servers, your information is safe at all times.
We complete weekly backups of data, which are stored on our own cloud device, which is securely encrypted.
We’ve also appointed a Data Protection Officer, who will be announced in due course, so if you ever have any concerns or questions, they will be available to help.
This is of course a big change to how we use and process data, but by putting all of this in place now, we will be 100% ready for the deadline next year. We have always treated personal data correctly and securely, so you can rest assured we have the best available systems to handle things.
If you have any questions or queries about GDPR, give us a call and we will do our best to talk you through everything.