What is GDPR?
GDPR, the General Data Protection Regulation, is the legal framework for the protection of personal data. It officially comes into effect on 25th May 2018 and replaces the existing Data Protection Act 1998.
It includes the guidelines previously set out in the Data Protection Act, but goes much further, looking at raising the level of security, control and validation in place for handling data.
As more and more activities take place online using personal data, the regulation looks at how this data is managed throughout its life cycle.
Regardless of how large or small your company is, GDPR will affect you.
From May, companies must be able to demonstrate that they are complying with the new regulation.
The UK’s decision to leave the EU will not affect the requirement for companies in the UK to comply with GDPR.
What is ESP doing to support the GDPR regulation?
- Development work has already commenced on amendments to the Elite and Elite Live software
- Our Elite Live communications development will include functionality to address the customer's right to be forgotten
- We will be creating the ability for users to manage their own communication preferences online via Elite Live communications
- We will be releasing new versions of the software to assist our customers in meeting the GDPR requirements
- We will provide timely updates of progress made to our customers
- It is advised that any customers running AML or earlier versions of our software for online bookings should contact their ESP account manager to discuss upgrading to Elite Live, as amendments relating to GDPR will only be made to the Elite Live application and not to any earlier versions
Should you have a technical question you wish us to investigate as a scope of work, please document this in full to your account manager so that we can quote for the associated costs of completing this scope of work with you.
What do Companies that use data have to do?
All companies should be reviewing the policies and procedures in place for the use and storage of customer data. These include:
- Consider how they store personal data, both electronic and manual, and what safeguards are in place
- Consider how to provide evidence that the customer has given consent for their data to be used. The company must also be able to allow the customer to amend their preferences, which will include the customer's right to be forgotten
- Consider how passwords are used and controlled within the business
The regulation is very complex, so reviewing internal policies and procedures will take time and resources. ESP would always recommend that you obtain the appropriate legal guidance from a qualified GDPR consultant.
The ESP Elite & Elite Live software alone will not make your company compliant with GDPR, but will allow the company to create internal procedures around the software. The regulation covers the entire business, including all the internal routines in place relating to the use and storage of personal data.
The overall responsibility for GDPR compliance will sit with you, to ensure your procedures and policies comply with the Regulation.
Useful link for all Companies preparing for the New Regulation
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr