The General Data Protection Regulation, commonly known as GDPR, came into force on the 25th of May 2018 and is still affecting any organisation that stores personal data.
Across Europe, many companies rushed to implement GDPR without thoroughly assessing how this should be done and some are still unsure of what the regulation means for them. This could leave them vulnerable to data theft and losing important information such as contact details and payment information. If your company is not GDPR compliant, you could face serious fines and potentially break the trust of your clients. Blackhawk’s team of data experts can help to simplify privacy compliance by assessing what your company needs to do to become GDPR compliant, how you can keep your information safe and prevent future security breaches.
What are your GDPR obligations?
You need to assure your clients that:
- They have a choice to withdraw their consent to you storing or using their data; giving them this choice helps to foster strong trust between you and your customers.
- You can show on demand what data you have stored and are able to tell them what you intend to do with the data.
- You can change or correct the data if they are wrong or out of date.
You need to be able to:
- Know who has access to the data.
- Appoint a Data Protection Officer if you hold data on a large scale, process sensitive data (such as bank details or medical information), or if your company is a public body.
- Maintain a record of all your data processing.
- Move the data to a new provider if needed, without posing a risk to the data, and be capable of securely transferring data outside of the EU.
- Carry out a Data Protection Impact Assessment (DPIA).
- Assess how secure the data are.
Blackhawk’s GDPR services
Our GDPR services provide an extensive analysis of how your company stores data, what you can and cannot do with them, and what you can do to prevent accidental or deliberate security breaches. By putting these processes in place, you will know that any information you have stored – whether it is your own, or that of customers and clients – is not compromised.
- Handling personal data
- Responsibilities of data controllers and processors
- Lawful basis for processing
- Cross-border data transfer
- Anonymised vs Pseudonymised data