09 January 2018

Getting data compliant with GDPR

The GDPR is the biggest data protection shake-up in decades. However, if you’re a small or medium-sized organisation, there are a number of ways technology can help you become GDPR compliant, simply and effectively.

Recognising this would become a priority for businesses, the PORT team has been developing a sophisticated platform since 2015, adapting the product as details emerged about the specific requirements of the GDPR.

As a result, PORT offers organisations fast, straightforward solutions to some of the most important requirements in the upcoming legislation.

 

The 99 Articles

At its heart, the GDPR gives control back to consumers over their personal data. The regulation states: ‘Everyone has the right to the protection of personal data concerning him or her.’ Another principle of the regulation is that any processing of personal data happens for the right reasons. ‘The processing of personal data should be designed to serve mankind,’ the GDPR explains.

Each of the 99 Articles of the GDPR aims to bring us closer to those two overarching aims. However, businesses don’t need to take direct action on every Article, and many of the 99 Articles don’t require a tangible solution. For example, Articles 1-4 describe the objectives, scope, and definitions of the regulation itself.

16 of the Articles are both crucial for businesses to comply with and can be addressed with technology. Below, we outline how PORT can help your company comply, allowing you to step confidently towards full GDPR compliance.

 

Lawfulness of processing

To process data lawfully, one of the six legal bases listed in Article 6 needs to apply:

  • Consent
  • Contract
  • Legal Obligation
  • Vital Interest
  • Public Interest
  • Legitimate Interest

For more detail please see a full breakdown of lawfulness of processing.

 

Conditions for consent

According to Article 7, organisations need to be able to demonstrate a user has given their consent. PORT can track when and how a consumer gave consent, creating the necessary ‘audit trail’ for the company’s records. PORT will keep a record of who has given and withdrawn consent, and help you generate wording that will ensure consent is given appropriately.

 

Transparent communication

Transparent communication is an important part of the PORT offering, and is a requirement in the GDPR under Article 12.

When you’ve collected consumers’ data, the PORT platform creates automated emails that send them their ‘data receipt’, which can be branded for your company and amended for tone of voice. The receipt explains what will happen to their data, and how they can access and amend it through PORT’s consumer portal.

 

Information to be provided to the consumer

Under Article 13, when data is collected from a consumer, businesses must provide them with specific details about how, why, and for how long their data will be held. PORT’s data receipts provide consumers with those details automatically.

Consumers are also entitled to know when their personal data is being used, if that data hasn’t been gained directly from them, according to Article 14. If that’s the case, PORT can still provide the consumer with an automatic data receipt.

 

Rights over the data subjects’ own data

The PORT account will give users access to their own personal data, and the ability to exercise a range of different rights required by the GDPR. These are:

Right of access by the data subject

Article 15 requires that consumers are able to access the personal data organisations are storing about them. With PORT, customers can view and export their own data. They automatically have easy access to whatever they need to know via PORT’s consumer portal for personal data management.

Right to rectification

Article 16 states that consumers have the right to correct the data organisations hold about them. With the PORT platform, customers retain control over their data in this sense as well, and can amend it if they come across any inaccuracies.

Right to erasure

An important point in the GDPR is the oft-quoted right to erasure or ‘right to be forgotten’, articulated in Article 17. This right is also covered by PORT, as customers are able to erase their own data when they wish to using their PORT account.

Right to restriction of processing

Article 18 stipulates that consumers have the right to restrict the processing of their data. Customers can appeal how their personal data stored by PORT is used.

Notification obligation

Article 19 requires consumers to be notified if there are changes to how their data is stored or used. With PORT, customers will receive information receipts and notifications when their data is rectified, erased, moved, or when processing is restricted.

Right to data portability

Under Article 20, consumers have the right to send their data from one place to another. PORT makes data portable and machine readable, providing customers with the ability to send their personal data on to outside organisations.

Right to object

Article 21 states that consumers have the right to object if they believe their data is being used unlawfully. PORT allows consumers to lodge an objection, quickly and easily.

 

Responsibility of the controller & records of processing activities

Article 24 makes it the responsibility of the data controller to be able to show their compliance with GDPR. Also, companies must record their own data processing activities, under Article 30.

PORT will provide much of the documentation and audit trail needed by companies when they’re asked to demonstrate GDPR compliance. The data controller will be able to construct and export reports, as well as automatically generate an audit trail.

The automatic audit trail makes it easy for companies to conduct audits of any data processing that followed.

 

Privacy by design and by default

Data protection should be implemented by design, rather than as an afterthought, with data protection principles implemented by organisations by default, says Article 25.

PORT never compromises on security, and this means your customers’ personal data is well looked after. The PORT platform itself is a manifestation of data protection by design and default.

If you choose to make use of the platform, your business will benefit by inheriting PORT’s high standards of security and privacy by design.

 

Security of processing

Data processing must be secure, stipulates Article 32. Security is central to everything we do at PORT. Security features of the platform include encryption of data, both in transit and at rest, granular permissions systems, two-step authentication and an automatic audit trail. Together, these elements ensure all data processing is completely secure.


Get data compliant with the GDPR experts. PORT.im’s CEO, Julian Saunders, will guide you through 4 easy steps any business can take right now.

Chris
