The General Data Protection Regulation (GDPR) was introduced to the EU in May 2018. GDPR has six primary principles that set out the obligations for businesses and organisations that collect, process and store individuals’ personal data.
- Lawfulness, fairness and transparency
You must process personal data lawfully, fairly and in a transparent manner in relation to the data subject.
- Purpose limitation
You must only collect personal data for a specific, explicit and legitimate purpose. You must clearly state what this purpose is, and only collect data for as long as necessary to complete that purpose.
- Data minimisation
You must ensure that personal data you process is adequate, relevant and limited to what is necessary in relation to your processing purpose.
You must take every reasonable step to update or remove data that is inaccurate or incomplete. Individuals have the right to request that you erase or rectify erroneous data that relates to them, and you must do so within a month.
- Storage limitation
You must delete personal data when you no longer need it. The timescales in most cases aren’t set. They will depend on your business’ circumstances and the reasons why you collect this data.
- Integrity and confidentiality
You must keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Complying with GDPR when data is stored in legacy formats (paper, single view file structure etc) creates challenges and ultimately compliance failures.
ISAAC solutions, in partnership with Microsoft, are fully GDPR compliant; comprising intelligent search capability, customisable storage and configurable data management parameters to ensure your GDPR compliance is achieved by design and not by chance, putting you entirely in control of your customers data. Learn More
To learn more about Microsoft Office 365 Security & Compliance, visit the Microsoft Office 365 Security & Compliance Centre
Despite the many advances in technology over the years there still seems to be no foreseeable end to the humble password. As the pace of technology has increased over the last few decades, so has the number of online services (and therefore passwords) which we...
With a little over 6 weeks to go until GDPR takes effect, many companies, particularly in the small to medium sector, and who don’t have access to huge budgets, are struggling to know where to begin. Yes, there are very helpful articles and guides available from the...
With little more than 2-months until GDPR takes effect, businesses are struggling to prepare; many unsure which actions to take and when, or simply because their heads are firmly buried in the sand. Consumers, on the other hand, are primed, ready and waiting.According...