General Data Protection Regulation (GDPR)

The GDPR deadline is fast approaching.

NewOrbit is helping new and existing clients update their software and processess to be GDPR compliant. We also help organisations move their productivity software to Office 365 and their bespoke software to Azure in order to benefit from the extensive GDPR support provided by Microsoft.

The GDPR is widely seen as a global gamechanger in data protection, with probably the strictest rules anywhere in the world.

Why should I care?

The GDPR will change the rules for any company that store and process data about humans – so almost any organisation.

The deadline for complying is 25 May 2018 and it will take effect irrespective of Brexit.

Fines have been very substantially increased, with fines easily running into millions of pounds, even for small companies. The Information Commissioner’s Office have already expanded their staff by 40% in May 2017 to prepare for increased enforcement.

Highlights

The GDPR covers a wide range of subjects. For software designers, builders, operators and owners, there are some key highlights;

  • Consent
    You need to obtain consent to anything you do with people’s data. Consent needs to be given freely and it must be possible to withdraw consent as easily as it was to give it.

  • Subject Access Request
    Anyone can ask you for a copy of all the data you hold on them – and you must provide it for free.

  • Retention and Erasure
    You must only keep data as long as you need it. And individuals have a right to ask you delete it at any time.

  • Profiling and automated decisioning
    Individuals can challenge decisions made by an automated system and have a right to have it re-done by a human.

  • Children
    The rules for processing data on anyone under the age of 16 are much tighter than ever before and appear to include a requirement to get a legal guardian to consent on their behalf.

  • Encryption Whilst the GDPR does not explicitly require you to encrypt data it is strongly recommend in the regulation.

  • Secure
    Systems must be “secure by default and by design”.

  • Mandatory Reporting
    You must now report data breaches to the ICO within 72 hours of becoming aware.

  • Contracts
    Your contracts with other organisations whom you use to process data or share data with, including cloud providers, email providers, marketing companies, affiliate partners, SaaS providers, possibly your customers etc need to be updated to include specific GDPR guarantees.

How can we help?

We can re-develop software that is no longer fit for purpose, we can help you to move your software to Azure and and your productivity software to Office 365 - all options that can help you with GDPR compliance.

If you think we might be able to help, please get in touch.


On this site we have also provided a number of resources to provide you with information about GDPR and how it affects software:

  • GDPR for People who own Software
    This post is for the people who are responsible for the business side of owning software, people who own or are responsible for the intellectual property in software - the people who have to worry about business risk, contracts, sales and so on.
  • GDPR for Operations
    GDPR advice for the people who are responsible for hosting and managing software.
  • GDPR for Software Designers and Developers
    GDPR advice for the people who design and build software, such as business analysts, developers and architects.
  • GDPR Summary
    A brief overview of the GDPR and its implications