The world has changed in the last 20 years, and that is how long it has been since the laws governing privacy and security were last updated. There is much we as a society need to do in order to protect our fundamental human rights. We only need to look at the advances in cloud-based software, smart gadgets, social apps and email marketing automation. No wonder it has taken 4 years to prepare the EU General Data Protection Regulations. This series of blog posts gives you tools, tips, guides and jargon-free information to help you become GDPR compliant. Discover how the definition of ‘personal data’ has changed.
The definition of ‘personal data’ has historically been quite general. GDPR has widened this definition. These are the main areas that specify the different kinds of personal data under the regulation:
- IT – This is a new area to be affected by data protection regulation, but this very software is a useful tool to help us with our data storage, segmentation, historical proof, encryption methods etc.
- Identifiable Data – Basically any data that could be used to identify a person, for instance: genetic, mental, cultural, economic and social information.
- Specific Personal Information – This covers the obvious: name, address, telephone number, medical information etc. Employment records are the obvious area that this falls into.
Given the new kinds of ‘personal data’ listed above, it is unlikely that any business will be unaffected by GDPR requirements.
There are Methods and Processes to Help Your Business Comply
As a company, it is your responsibility to keep the personal data you hold secure. Some examples of methods you could use to comply with GDPR regulation are:
- Use of pseudonyms or encryption of personal data.
- Traceability: tracking changes to your company’s database, logging those changes and recording who was responsible for them.
- Monitoring of data access and activities. Note and block unauthorised access activity.
- Use of a CRM that tracks a user from website application to the shared database user and the final data accessed, such as the free HubSpot CRM tools.
HubSpot software makes some of the GDPR rules easier to follow and automate to keep your business covered. For example, using HubSpot landing pages, forms and double opt-in methodology, many of the repeatable GDPR requirements on consent, remaining informed on how data is to be used, clear language and opting in/out can be automatically covered once your platform is set up.
The free CRM also tracks and records emails and actions, giving both your prospect and your company reassurance and proof of your visitors’ consent, their wishes and their option to be deleted or to have their contact details amended. This software makes things easy and keeps everyone covered.
There are many, many more processes and methods such as the few listed above but I’m sure you get the idea. Your business can implement and design processes like these in order to protect your organisation and ultimately each individual’s private data.
The Right to Be Forgotten
I love the term ‘the right to be forgotten’, also known less poetically as the ‘data minimisation principle’. It ensures that businesses do not hold personal data for longer than is necessary for a given purpose. A company must not change the use of the personal data from the original purpose for which it was prearranged. Also, at the request of an individual, an organisation must delete any data held on that individual. A common scenario is a business wishing to send a general news email to a person who downloaded a brochure from its website. To comply with the new GDPR regulation, the company can only do this after the person has given permission to be sent this new, different and specific content.