Check out our latest product updates!
Share this
17 April 2018

Getting GDPR-ready with PORT: The Basics

Getting GDPR-ready with PORT is quick and simple. Businesses can connect their apps, and automatically organise data to stay compliant and take control.


1. Connect your personal data to PORT

First thing’s first, you’ll need to get the personal data your business holds into PORT. We can begin building a picture of the personal data you hold, how you use it and who it’s shared with.

There are a number of different ways to connect your personal data to PORT:

a) Use one of our pre-built integrations:

We have built (and are continuing to build) a series of integrations with commonly-used services and third parties, such as MailChimp. All you need to do is authenticate your relevant account and our systems will be in sync.


b) Connect a service via API:

To connect via our API,you’ll need is a good developer and a couple of days. We can advise you on the technical aspects and make sure things run smoothly at our end.


c) Connect any data with a CSV or Excel upload:

Got data sitting on spreadsheets, or in systems that aren’t connected? No problem.
You can pull data from any system into a spreadsheet. Make sure it’s either a CSV or Excel format, then plug it straight into PORT.


d). Connect an SQL database:

Just provide some details about your SQL database, write the appropriate SQL query, and then plug the data straight into PORT.

 


2. Map your data

medium-1

Next, identify who you share personal data with using our data mapping tool. This could be anyone or anything, from software you use to deliver emails, a marketing agency you work with, or even your accountant.


We’ll start off by scanning your website and identifying some of the tools you use that might hold personal data.


Then you’ll need to source the tools and businesses that we weren’t able to identify from your website. This might require some thinking and research on your part, especially if you’re part of a larger organisation - but understanding (and controlling) where and with whom you share personal data is essential for good personal data management and being GDPR-ready.


If any of the systems or businesses you work with are based outside the EU, our database of systems and businesses will help you automatically identify the basis on which data is transferred abroad.


3. Create data agreements and assign them to the right individuals

Data agreements capture everything, from how long you keep data, to what legal basis it’s held under.

These data agreements will serve firstly as your record of processing, And provide a full and comprehensive picture of each individual’s personal data and how it’s being treated.

Each data agreement will include:

  • The purpose of using the personal data.
  • The legal basis on which that data is held.
  • How long data is kept.
  • Who it’s shared with.
  • Whether the data will leave the EU.
  • Whether the data is subject to automated decision making.

For example, an eCommerce business that sells socks uses data in different ways. At a basic level, they use personal data to sell you socks and deliver them to your house, and to market to you to encourage you to buy more socks. This company would create two data agreements to capture how it uses personal data; one for marketing and one for selling socks.


4. Set up your portal and request settings

Once those first 3 steps are completed, we have a full picture of how your business uses personal data. We can now open up lines of communication with the people whose personal data you manage.

Setting up the portal is simple, you can create a sub-domain for people to gain access to their data using unique invite links that we’ve automatically created for everyone you’ve imported into PORT. This gives individuals access to the data that you hold on them and show them exactly what you’re doing with it.

From their portal accounts they can exercise their rights over their data. You can then define how you would like to deal with these and assign who should be notified.

 

5. Access our optional features

You can then set up any of the optional features you think your business needs.

Privacy policy:

Answer a few questions and we’ll do the rest with the information you’ve already provided. You’ll have your own custom privacy policy available in multiple formats.

Data receipts:

Automatically notify new users when they give you their information. Set the branding and amend the standard wording in our data receipts and create one that works for your business.

 

6. Claim your ‘GDPR Ready’ badge and stay in control

green_1024

Once you’ve set things up, you can claim your ‘GDPR Ready’ badge to demonstrate that you take privacy seriously.

Finally, it’s important to remember that GDPR is not a one-off tick-box exercise and something that you should be paying attention to continually. PORT provides you with the tools you need to stay compliant.

 

Get started by watching this webinar from PORT.im’s CEO, Julian Saunders: 4 easy steps any business can take right now to get GDPR compliant.

Watch the Webinar

Picture of Chris

Chris

Read more posts by this author.

Read More