On the 25th May 2018 the General Data Protection Regulation will be put into place. If you’re ahead of the game and have already heard of it you’ll be aware that you only have a month to go until the regulation becomes official and affects all of us one way or another. It will affect the way we work, from the way we handle your personal data, to the way you handle your own client’s personal data.
What is GDPR?
The EU’s General Data Protection Regulation is the result of years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways that data is now used. The drivers behind GDPR are twofold. Firstly the EU wants to give people more control over how their personal data is being used, bearing in mind that many companies like Facebook swap access to people’s data for use of their services. By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy.
So what does GDPR have to do with Paprika?
Personal data under the new law is defined as any data that can identify an individual, either by itself or in conjunction with other data. To improve privacy rights the new GDPR will give individuals a lot more control over their particular data, by monitoring the way it is collected, used and how long it will get stored for. As providers of software, we are giving our clients the tools to ensure they can comply with regulations, and demonstrate our own compliance in the way we store and handle our client information. The data we currently hold has been reviewed over the last couple of months and we have come to the conclusion that not all of it needs to be changed but some adjustments have been made and clients have been informed of these changes.
React being made GDPR compliant
As you’ll have read, React- now known as the contact centre, has had a complete makeover, but we haven’t forgotten to make it GDPR compliant too: our development team have added additional fields to the Name pane on a React Record
- Consent- This will be a tick box which defaults to Off (to indicate no consent given)
This is just an example of one of the many updates our development team have made to Paprika to make it GDPR compliant and which will be released at the beginning on May, so keep your eye out!
Who does the GDPR apply to?
Controllers and processors of data must abide by the new GDPR. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. So the controller could be any organisation, from a profit-seeking company to a charity or government. A processor could be an IT firm doing the actual data processing. However if your controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents.
When can we process data under GDPR?
At Headquarters we are well in the process of making our databases GDPR. With only a few weeks to go it shouldn’t be something you do at the last minute, it’s a process that needs a lot of analysing and communication amongst colleagues to make sure you have covered all bases. Once the legislation comes into effect, controllers must ensure personal data is processed lawfully, transparently, and for a specific purpose. Once that purpose is fulfilled and the data is no longer require, it should be deleted.
Will Paprika clients be affected?