Companies that utilize personal data of European Union citizens have only a year for preparation left before the enforcement of the General Data Protection Regulation (GDPR) on May 25, 2018. This set of guidelines is forecast to have great impacts on many businesses. According to a report by the Information Commissioner’s Office (ICO), meeting the requirements of this regulation can cost small and medium-scale firms about £76,000 a year added in expenditure. Before the GDPR comes into force, companies may have to consider reviewing and amending their data policies and terms of use as well.
For the past two decades, the Data Protection Act of 1998 served as the main reference to ensure protection of the citizenry’s personal information in various industry uses. The EU believes that the creation of the GDPR is timely, as more trade systems capitalize on consumer data for growth over the years. Generally, the GDPR focuses on three main points: regaining control of personal data to users, simplification of regulatory settings, and appointment of data protection officers in companies where data is processed in every day operations.

DBI, as a data company, sees to it that we comply with the current laws on data protection. We will conform to the reformed EU regulation as long as it benefits both European consumers and small to medium-scale industries too.

12 Essential Points in Preparation for the GDPR Enforcement

1.) For Information DBI holds
DBI adheres the eight data protection principles stipulated in the Data Protection Act of 1998.

2.) Awareness
DBI has started educational discussions on the regulation and would continue disseminating more information about it once we have designated our Data Protection Officer.

3.) Communicating Privacy Information
DBI will review its current Data Protection Policy and will make necessary changes in accordance to the purpose.

4.) Individual Rights
Consumer data stored must be formatted in a way that is easily and securely accessed. Moreover, we have a data destruction system in the event personal data needs to be abolished.

5.) Subject Access Requests
Access requests to certain consumer data can be processed within 28 days or less. Identity of the requester should be verified prior to processing of request to ensure disclosure of personal information to the authorized individual.

6.) Legal Basis for Processing Personal Data
DBI will present a detailed description (flowchart) of how the data processes take place in accordance with data protection laws.

7.) Consent
DBI will review the manner by which data is obtained from consumers with their consent.

8.) Children
As a company, we have a vulnerable person policy; so, we do not
contact consumers below 18 years old or those over 80 years old.

9.) Data Breaches
DBI constantly checks its storage system to prevent and to detect instances of data breaches.

10.) Data Protection by Design and Data Protection Impact Assessments
Concerned DBI personnel, especially the Data Protection Officer will familiarize themselves with the Primary Impact Assessments guidelines by the ICO.

11.) Data Protections Officers
Small companies like us may not afford designating a fulltime Data Protection Officer; rather we would assign the responsibility to one of our team members who has the ability to fulfill the tasks – overseeing data security, detection of cyber threats, and managing other business concerns related to storage and processing of consumer data.
12.) International
DBI is an ICO registered company based in the Philippines. It only works with other companies that are ICO accredited as well.

 

Leave a Comment

Your email address will not be published. Required fields are marked *