A deluge of privacy policies and subscribe requests heralded the arrival of the new General Data Protection Regulation (GDPR) at the end of May. From a user perspective, it’s a positive step. For businesses, it’s an opportunity to review and update interactions with customers, ensuring compliance and optimum efficiency. This is where technology has a vital role.

Protection of personal data is now a crucial part of every data-processing system. What was previously an ‘add-on’ or addition within business systems must now feature at the core of technology within organisations.

There are three technology-based goals that GDPR aims to achieve:

1. Organisations to take ‘appropriate technical and organisational measures’ to protect data

The Information Commissioner’s Office is clear that when developing these measures, organisations must pay attention to the ‘nature, scope, context and purposes of processing’ involved. “We recommend that you carry out a risk assessment to understand the full impact your technology can have upon individuals’ rights,” says Eric Hughes of EMH Technology. “Many business owners have carefully thought through their marketing strategy and operational processes. Technology plays a vital role and has often been overlooked.”

2. Individuals’ rights to be protected by the technological environment

GDPR is very clear about the rights of individuals. To enable your organisation to meet this obligation, your technology should offer the following functionality:

• Connect people to their personal data
• Identify personal data by type, and by processing purpose (there are six acceptable bases for processing personal data, including legitimate interest, contract and consent).
• See the full information lifecycle
• Perform search and retrieval of information
• Allow update, redaction, anonymization, suppression and erasure of information held as needed
• Transmit personal data from one technology stack (software/product combination) to another

3. A proper approach to technology design and deployment

These system design requirements help data protection to flow into technology:

• Accountability
• Recording of processing activities
• Default data protection
• Impact assessments for data protection
• Breach notification

In summary

Organisations controlling personal data need to implement appropriate technical and organisational measures to demonstrate that they are GDPR-compliant. “Technology has always had an essential role in data protection,” says Eric Hughes. “The new regulation is formalising best practice rather than introducing revolutionary measures.”

GDPR isn’t going away and customers are more aware of their rights regarding their data than ever before. EMH Technology works with clients to establish a web portal for GDPR management.  This provides a central place to document and manage your GDPR obligations, including:

• Data processing activities
• Risk assessments
• Data access requests
• Data breaches

Please contact us if you would like to find out more about a web portal for GDPR management.

Or to discuss how your technology supports your data protection requirements, contact us for an initial discussion without obligation.