GDPR: making our customers "compliant by default"

A huge thanks to Rebecca, our Privacy Sheriff.

Since May of this year, our self-titled "Privacy Sheriff", Rebecca, has been cracking the whip on our efforts to understand and prepare for the General Data Protection Regulation (GDPR), which takes effect on 25th May 2018.

We've undertaken an information audit (an ongoing process), identified steps that we must take as an organisation to protect our data and that of our own data subjects, and have made ourselves battle-ready. We have a few feet to cover before May but we're proud to report that Solomon, as an organisation, will meet all the demands of the new data protection laws.

That work covers our role as a Data Processor: a party who acts on data on behalf of our customers. But what about our customers, as owners of the data held in Solomon, what the Information Commissioner calls Data Controllers?

On the one hand, our BID customers are in a good position because they have "legitimate interests" in processing much of the data they hold. Going a step further, we would argue that there is a "legal obligation" to hold liable party information, to ensure a Ballot/Renewal is legitimate. When it comes to some other points of data that are personally identifiable - personal information about individuals the BID team communicate with day-to-day - GDPR includes some new rights for data subjects that BIDs, as Data Controllers, must take account of.

Today we are announcing that we plan to spend the first few months of 2018 adding some new features to Solomon that will provide tools to address these new rights, and to make all our customers "compliant by default."

Undertaking this work will mean pressing pause on the development of some new features, but this is a major shift in the law that affects all BIDs, regardless of size and shape, and we want to do everything we can to help.

Three key areas require our attention:

  1. Consent and the right to unsubscribe: every data subject must give consent for their data to be processed, including email addresses used for electronic communication. Data Controllers must receive "positive, freely given, specific, informed and unambiguous" consent for their data to be processed. Controllers need to say how long they will hold data for, what they will do with the data, have clear procedures for deleting the data once any deadline passes, and outline the subject's rights. We want Solomon to incorporate a set of tools for managing consents.

  2. The right to access: upon request, any data subject can ask a Data Controller to provide, free of charge and in a commonly used electronic format, copies of any data held about that subject. We want Solomon to incorporate a "one-click" solution for our customers.

  3. The right to be forgotten: every data subject has the right to request that the Controller erase any personal data held concerning them. We want Solomon to incorporate tools that allow you to flag personally identifiable data, and destroy it on demand.

GDPR represents the biggest change in data protection rules in two decades. Delivering these new features will require a huge amount of effort from our team but it's essential to us that Solomon customers are compliant by default.

The first global data protection law is coming.

In exactly a year from today, on 25th May 2018, EU regulations will bring into effect the biggest changes in Data Protection law for 20 years.

The GDPR (General Data Protection Regulation) will determine the use of personal data by placing rigorous obligations on organisations, like ourselves, who handle personal data. All companies worldwide that process the data of EU citizens will be obliged to take data privacy more seriously.

These new obligations will broaden the definition of ‘personal data’, meaning that genetic, mental, cultural, economic or social information will be considered such. There will be changes to the practices of how that data can be collected, stored and used. Additionally, there will be a new ‘right to be forgotten’ whereby individuals can request the permanent deletion of their data, which subsequently means process and technology systems may need to evolve. Finally, there will be new requirements surrounding data breaches and increased penalties for those who fail to comply.

Information Commissioner Elizabeth Denham talks about how GDPR is an issue for the boardroom.

Here at Solomon, we are committed to handling data sensitively and ethically - data security is one of our key values after all! We have already begun taking steps to ensure our compliance and over the coming months we’ll be keeping you up-to-date on this blog with a series of in-depth audits, reviews and policy changes which we have mapped out.

Please subscribe to our mailing list today and we’ll send updates to your inbox – no more than two emails each month, we promise.