On 25 May 2018, the General Data Protection Regulation (GDPR) will replace the Data Protection Directive as the new global standard on data privacy for all government agencies and organizations that do business with European Union (EU) citizens. When it does, all organizations that control, maintain, or process information involving EU citizens will be required to comply with strict new rules regarding the protection of personal customer data.
What is Personal Data?
Personal data can be anything that allows a natural person to be directly or indirectly identified. This may be a name, an address, or even an IP address. It includes automated personal data and can also encompass pseudonymised data if a person can be identified from it.
Both personal data and sensitive personal data are covered by GDPR.
- Personal data, a complex category of information, broadly means any piece of information that can be used to identify a person. This can be a name, an address, an IP address... you name it.
- Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.
Key things you need to know about the GDPR
Implications for Consultors
The GDPR includes a number of requirements for organisations running consultation programs, including:
- The process of obtaining consent to record, store and use the personal data of consultees.
- The right of consultees to request a copy of all data you store on them, and to ask for modifications or for complete deletion (the right to be forgotten).
- Safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
- Data security.
- Importantly, the GDPR requirements apply to your existing data, so you need to take action to bring your records up to scratch.
Read more about the implications for Consultors and Consultation Processes in our free e-book here.
Darzin helps deliver compliance with GDPR
This week we are moving our UK servers to the Microsoft Azure UK environment as it offers us some additional security measures and is GDPR compliant. With these additional measures in place, such as data encryption at rest, we meet the requirements of the GDPR as Data Processors.
There are a number of functions in Darzin that help you meet the GDPR requirements as Data Controllers. These include:
- The ability to track when and where Consent was provided, at a granular level
- Track the project "owner" of the Stakeholder record - full traceability of consent and how and when the Stakeholder's details are able to be used
- Edit a Stakeholder record in one place and all parts of your operations benefit from the one update
- Export full details of what information you store on a stakeholder, how and where their data has been used
- Comply with security requirements around secure storage of data, encryption at rest and in transit, no international transfer of data outside of the EU region, secure and auditable access to records, and more.
We've put together a guide to understanding and complying with the GDPR from a Public Consultation point of view. Please don't treat it as legal advice - it is our understanding of the GDPR combined with our expertise in Public Consultation and Stakeholder Management.
Included in the e-book are a couple of checklists which you might find helpful to test if you are ready for this new legislation before May 28.
If you have any comments or questions about the e-book, please do get in touch.