GDPR – these four little letters have been the subject of many a newsletter, blog and article over the past couple of years and the deadline is now nearly upon us.
Basically the new legislation aims to give us all more control over who holds our personal information, how and where that information is stored and how it’s used and managed. Hardly the most riveting of topics we know, but all companies, irrespective of size, will be affected and need to make sure their GDPR ducks are in a row.
The law requires you to comply with seven key principles (ref. Office of the Guernsey Data Commissioner) when processing personal data:
Lawfulness, Fairness and Transparency
Information about an individual must be obtained and used in a transparent way and only used for the purposes agreed and explained at the time of collection.
Personal data must be collected for a specific, explicit and legitimate purpose and once collected must not be processed in a manner incompatible with that purpose.
Personal data processed must be relevant and limited to what is necessary in relation to the purpose for which it is processed.
Personal data must be accurate and, where applicable, kept up to date. Reasonable steps must be taken to ensure that any personal data that is inaccurate is erased or corrected without delay
Personal data must not be kept in a form that permits the identification of a data subject any longer than is necessary for the purposes for which it is processed.
Integrity and Confidentiality
Personal data must be processed in a manner that ensures its security, including protecting it against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate password protection, encryption and other technical safety measures.
According to the local jungle drums, it’s likely that many Guernsey businesses – particularly small operations – will not be ready for by 25 May and that our powers that be are likely to extend the deadline. So now is the time to start getting things in place. If all this legislation, data processing and tech stuff is making your head spin, give us a call. We have data specialists on the team who can help you with data storage, security and management questions and we would be happy to help.
Lots of additional legal stuff and guidelines can be found on the Office of the Guernsey Data Commissioner website