Roses are expensive at this time of year and violets too but compared to GDPR non-compliance, they’re nothing to you.
Valentine’s Day means there are just 100 days to go until the General Data Protection Regulation comes into force. That’s precisely 2400 hours in which to ensure your business complies with the law.
Whilst the use of anonymisation may be rife at this time of year, we’d rather make things simple for you. Our not so cryptic message to you? Sharing some of the effects GDPR will have on businesses and how we can help make compliance easier.
Subject Access Rights
Data subjects have had the right to request access to their data for over thirty years but GDPR brings with it a host of new challenges. Under the Data Protection Act 1998, data controllers have been able to request a small fee to help cover just a little of the administrative costs. Organisations have had 40 calendar days to respond to requests and when they have done so, in some cases, they’ve been able to simply provide a description of the data rather than copies.
GDPR changes all of that. Data subjects will be able to access their data at no cost to themselves. The time limit for responses has been shortened to just one calendar month (30 days) and Article 15(3) clearly states that they are entitled to copies of the data held.
Undoubtedly this will encourage more individuals to apply to find out what is held about them. Costs to companies are anticipated to soar, especially for those running paper-based systems who will spend countless additional man hours at the photocopier, removing paper jams and cursing hidden staples.
Besides relying on the originals held, they will have no means of knowing what they have actually sent to the data subject.
This presents a problem. How do you evidence you have complied with a subject access request with no evidence of what you’ve sent?
Creating scanned, electronically bound copies of the data (which can then be sent securely too) could be the easy answer. Although the data will still need to be fed through a scanner, there’s no waiting for a printout to appear and you hold a digital copy of what has been sent. iDocs Bindr SafeSend collates all scanned documentation alongside that provided from electronic sources, creating an electronically bound data subject file which can be printed or sent securely. Provided the Bindr is sent electronically, vast savings are made against the cost of printing, photocopying & postage.
Data Portability
The right to data portability is new. Whilst it officially only applies to processing carried out by automated means, many would be disheartened to receive vast quantities of data in paper form. Receipt of personal data in a machine readable format is, for most, far preferable and much more useful.
Of course, this is a challenge for a large number of companies as email size controls prohibit the transfer of large documents and other technical options are not always available.
iDocs Bindr Safe Send has no limits on file size meaning you can transfer almost any file size you wish and allow the recipient to download it safely and securely at their convenience.
Data Security
Technical and organisational measures must be applied to ensure data are offered an adequate level of protection at all times. This applies to sending data to data subjects too. Since when has the post ever been secure?
Whilst you can pay vast sums for insurance, not many companies are going to offer adequate compensation as part of their insurance against the risk you face if personal data were to be lost in the post.
By sending data subject files using iDocs Bindr Safe Send you can be assured that the data are encrypted in transit and at rest. Though as with all gifts, we can’t guarantee what the recipient will do with their own data.
Cupid could learn a lot here.
It’s not romantic but we can’t imagine a date with the Information Commissioner’s Office because you’ve not complied with GDPR would be either.
So if you’re looking for the ultimate proposal, let us show you how easily iDocs Bindr Safe Send could help you achieve compliance with GDPR articles 15, 20 and 32.