Here at CAP2 we think it’s important to keep you up to date with all the new regulations regarding GDPR. This article will give you a brief understanding of the GDPR regulations, how they will impact your business, and what you can be thinking about now to ensure your organisation is ready in time for May 2018.
The EU General Data Protection Regulations (GDPR) come into force on the 25th of May, 2018, overhauling the data protection regulations to meet the needs of the digital world.
GDPR maintains the same data protection principles as the Data Protection Act, but brings in higher standards for fairness, lawfulness and transparency, purpose limitation, data minimisation, data quality, security and integrity. Accountability is key: companies are required to demonstrate that they comply with the principles across their business.
The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
Why do we need these revised regulations?
Due to the growth of the internet and changes in behavioural advertising and social media, personal data is now being used in ways that were not envisaged at the time the current EU Directive was drafted, making it not fit for purpose. There is a public-led, political impetus for stronger data protection, resulting in the need for GDPR.
What is CAP2 doing to keep pace with GDPR changes?
We’ve already made a commitment to our customers that we will help them meet the requirements of this legislation ahead of May 2018.
As part of this work, we are building and releasing new versions of our products according to the ‘Privacy by Design’ principle, enabling our customers to fulfil their duties in adhering to EU GDPR. These proposed changes will be reviewed with a specialist GDPR lawyer, to ensure correct and complete interpretation of the law.
At the moment, it looks like CoursePro will only need some small tweaks to align with the GDPR legislation – facilitating our customers’ ability to be compliant with the GDPR. Don’t worry – we’ll keep you up to date if there are any scheduled software updates.
What do you need to do?
Customers should review all existing processes in place within their organisations that relate to the storage and use of casual and member data. In particular, consider areas relating to:
Consent – it should be possible to trace and identify what an individual has consented to, as well as the time and method of consent. This consent could cover joining information, health data, and marketing preferences. It should also be possible for a member to change preferences or withdraw consent easily.
Security of data – make sure your CoursePro passwords are secure.
Capture of children’s data – the GDPR states that parental/guardian consent for access to online services is required for children (in the UK, those under 13 years old). This means that as an operator, you need to consider how you are currently targeting memberships or activities for children: are the children being targeted to sign up, or the parents?
Archiving and deletion of end customer data – it is worth re-examining both the length of time you need to retain casual and member data and the way that you store this.
It should be emphasised that CoursePro software alone cannot make an operator compliant, as the regulation applies to all processes and practices performed by operators. However, we aim to ensure that upgrading to our latest GDPR-ready versions will enable customers to build compliant practices within their organisations more easily, to fulfil the main areas covered by the legislation.
Additional resources from the Information Commissioner’s Office are available at https://ico.org.uk/
Just so you know,
We know that communication about this subject is important, so we’ll keep you up to date regularly with all CoursePro-related GDPR updates.