General Data Protection Regulation (GDPR)
The GDPR was widely seen as a global gamechanger in data protection, with probably the strictest rules anywhere in the world.
NewOrbit is helping new and existing clients update their software and processes to maintain GDPR compliance. We also help organisations move their productivity software to Office 365 and their bespoke software to Azure in order to benefit from the extensive GDPR support provided by Microsoft.
Why should I care?
The GDPR changed the rules for any company that stores and processes data about humans – so almost any organisation.
Fines have been very substantially increased, with fines easily running into millions of pounds, even for small companies.
Highlights
The GDPR covers a wide range of subjects. For software designers, builders, operators and owners, there are some key highlights;
Consent You need to obtain consent to anything you do with people’s data. Consent needs to be given freely and it must be possible to withdraw consent as easily as it was to give it.
Subject Access Request Anyone can ask you for a copy of all the data you hold on them – and you must provide it for free.
Retention and Erasure You must only keep data as long as you need it. And individuals have a right to ask you delete it at any time.
Profiling and automated decisioning Individuals can challenge decisions made by an automated system and have a right to have it re-done by a human.
Children The rules for processing data on anyone under the age of 16 are much tighter than ever before and appear to include a requirement to get a legal guardian to consent on their behalf.
Encryption Whilst the GDPR does not explicitly require you to encrypt data it is strongly recommend in the regulation.
Secure Systems must be “secure by default and by design”.
Mandatory Reporting You must now report data breaches to the ICO within 72 hours of becoming aware.
Contracts Your contracts with other organisations whom you use to process data or share data with, including cloud providers, email providers, marketing companies, affiliate partners, SaaS providers, possibly your customers etc need to be updated to include specific GDPR guarantees.
How can we help?
We can re-develop software that is no longer fit for purpose, we can help you to move your software to Azure and and your productivity software to Office 365 - all options that can help you with GDPR compliance.
On this site we have also provided a number of resources to provide you with information about GDPR and how it affects software:
GDPR for Software and how Azure can help
by Frans Lytzen | 25/06/2018A video recording we made with Microsoft about how GDPR applies to Software development and how Azure can help.
GDPR for People who own Software
by Frans Lytzen (NewOrbit), Simon Halberstam, Raoul Lumb & Anne Rose (Simons Muirhead & Burton) | 09/10/2017This post is for the people who are responsible for the business side of owning software, people who own or are responsible for the intellectual property in software - the people who have to worry about business risk, contracts, sales and so on.
GDPR for Operations
by Frans Lytzen (NewOrbit), Simon Halberstam, Raoul Lumb & Anne Rose (Simons Muirhead & Burton) | 08/10/2017GDPR advice for the people who are responsible for hosting and managing software.
GDPR for Software Designers and Developers
by Frans Lytzen (NewOrbit), Simon Halberstam, Raoul Lumb & Anne Rose (Simons Muirhead & Burton) | 07/10/2017GDPR advice for the people who design and build software, such as business analysts, developers and architects.
GDPR Summary
by Frans Lytzen (NewOrbit), Simon Halberstam, Raoul Lumb & Anne Rose (Simons Muirhead & Burton) | 06/10/2017A brief overview of the GDPR and its implications
