We’ve been exploring some of the most commonly asked questions and the areas of data that can feel confusing. When it comes to data, one law that everyone must obey is GDPR. But what is the GDPR, how does it affect businesses in the UK and how do you know if your data is safe?
The basics of GDPR
GDPR, or the General Data Protection Regulation, is a European Union law that affects the way data is stored and shared across the EU. Despite the UK leaving the EU, GDPR still applies to all businesses trading in the UK. The main aspects of UK GDPR you need to consider when you’re working online and sharing information is anything that involves processing and storing personal data. Customer personal information includes their names, email addresses, physical addresses, and any other personally identifiable information, or PII. Handling personal data is a big responsibility for any business, and since GDPR was first introduced in 2018, the way businesses handle and store PII has changed for the better.
Overview of the legislation
GDPR is based on seven principles of data protection and eight data privacy rights for customers. The principles of data protection:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
And the 8 privacy rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights relating to automated decision-making and profiling
These principles and customer rights combine to make a powerful framework for storing and handling data, designed to keep everyone safe and everyone’s personal data secure from hacks and cyber attacks. With email and phishing scams on the rise, data must be kept safe to ensure customer trust. Some of the most common questions we are asked as an online business are about personal data, and how it is stored. Here are just a few of them.
How is my personal data stored?
Most personal data is stored like any other data: either digitally on a local or cloud drive, and sometimes physically on paper. Online storage options like OneDrive or Google Drive are common cloud applications being used all over the world and are popular due to their ease of access and user-friendly nature. The cloud data is then held in data centres and protected by robust cybersecurity principles.
How can I tell if my data is secure?
There is no single answer to this because security is always about the weakest link. Ask yourself if the website is requesting excessive amounts of personal data and review its privacy policy to understand how any data you do share is going to be stored, processed, and more importantly who they are going to share it with.
Can I forward an email with personal data in it?
We don’t recommend forwarding emails that contain personal information or data. You need consent from the original sender, and if you’re still not sure then consider removing the personal data before forwarding.
While forwarding an email is not illegal, mishandling any personal data within it is in breach of GDPR and can result in hefty fines — even if you didn’t mean to. Some companies choose end-to-end email encryption to make sure everything sent within and outside the company is safe — check out our previous blog all about cybersecurity to find out more about encryption.
As a website owner, am I complying with GDPR?
Have you conducted a Data Protection Impact Assessment (DPIA) on the data you are storing? The outcome of that assessment will often help to define any additional compliance requirements. The UK Government’s appointed Information Commissioner’s Office offers a quiz and checklist which are a great starting point. You will need to pay special attention to what the ICO identifies as ‘special category data’, this includes, among other things, personal data about an individual’s racial or ethnic origin, their sexual orientation, or data about their health. Special category data requires that you meet some specific conditions before processing it and you will need to keep records and consider any risks associated with processing it before you do so.
You’re in safe hands
We take your privacy seriously and only collect what we need to get in touch with you, such as your name and email address. In fact, those details never leave the immediate business and can be deleted or anonymised if you ask us to remove your details. We have a comprehensive privacy policy that covers what personal information we collect from you and why. We know that it’s the little things that matter — like knowing your data is in safe hands when you work with Infotex.
For more information on how we look after your data, check out our privacy policy and revisit past blogs on cybersecurity and cloud storage.
