By Kali Bagary | 15 October 2017

Everyone is talking about GDPR for all the obvious reasons: an impending deadline and heavy fines for non-compliance, to name but a few.

Understanding how the individual new regulations will affect your business and IT processes is crucial to ensuring your business not only prepares for compliance but also stays compliant.

Let’s take a closer look at the newly defined Data Subject rights and see how they translate into Business & IT Processes:

  • Breach Notification:

    Once made aware of a breach, data processors must notify customers, controllers and regulators within 72 hours: Be transparent.

    • Business Process: write up the new data retrieval procedure and train employees on it.
      Tip: make this procedure simple and easy to follow.
    • IT Process: set up an automated notification process.

  • Right to access:

    Any individual can ask the data controller to let them know if data is being held, where it is being held and for what reason. The data controller must provide an electronic copy free of charge: Enable free access.

    • Business Process: Tip: limit this functionality to 2 key employees to avoid accidental distribution or erasure of incorrect data.
    • IT Process: migrate data / enable data access.
      Tip: create an automatically generated PDF for email distribution.

  • Right to be forgotten:

    Any individual can ask the data controller to erase all the information held on them. This includes deletion, distribution and potentially having 3rd parties remove their data too: Provide 'data erasure'.

    • Business Process: establish clear guidelines on data distribution and deletion.
      Tip: limit this functionality to 2 key employees to avoid accidental distribution or erasure of incorrect data.
    • IT Process: set up validation checks, such as ‘Do you really want to send this information to xx?’ or ‘Are you sure you want to erase this data?’

  • Data Portability:

    Personal data received by an individual electronically can be passed to another data controller: Facilitate individual data transfer.

    • Business Process: establish clear rules and limit employee access to this feature. You will have more control and a better audit trail.
    • IT Process: set up validation checks, such as ‘do you really want to transfer this personal information to xx?’

  • Privacy by Design:

    All data controllers must design all their systems to include and meet data protection regulations from the outset. This applies to both technology systems and business processes: Offer protective system & process.

    • Business Process: conduct a thorough business analysis of the sensitive data, where it resides and where it is processed. Validate through heavy user testing.
    • IT Process: set up a secure network and test – repeatedly.

Who are we?

We are proud of our team of highly experienced & well connected professionals, who have been successfully delivering business solutions across diverse technologies and in multiple industry sectors.

Our particular expertise is in the financial services and insurance sectors.

Along with this, we are able to call on our extensive network of consultants, partners and associates to augment our delivery capacity. TechFINIUM currently has operations in the UK, South Africa and India.
