We now comply with GDPR.
From May 2018
From 25th May 2018, the new General Data Protection Regulation (GDPR) will come into force and replace the Data Protection Act 1998.
The general gist of GDPR is to give people more control over how organisations use their data, in conjunction with hefty fines for companies that fail to comply with the rules or suffer data breaches.
Article 4 of GDPR identifies the different roles that apply within organisations:
Controller – “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
Processor – “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”
It is the responsibility of the Controller and/or Processor to demonstrate compliance with Article 5 of the regulations and the six principles which outline that the processing of data shall be:
HOW IT WORKS
How have we addressed the GDPR rules?
Like most companies, we are on board with the challenge of being GDPR ready well before 25th May. Orbital will mainly be considered a ‘processor’ under the new rules, and we have looked at the following areas to implement change:
Although this is a new regulation, as long as a company has been operating with the current Data Protection Act in mind, then GDPR should not mean a massive change in process and procedure. Please feel free to ask our opinion on how to work together with GDPR.