The new EU General Data Protection Regulation (GDPR), which came into force on the 25th May 2018, impacts every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, stricter enforcement and substantially increased penalties compared with the current Data Protection Act (DPA), which it will supersede.
In essence, the GDPR puts into practice its six underlying principles to protect the individual and their personally identifiable information (PII) or data:
- Lawfulness, fairness and transparency. Lawful: Processing must meet the tests described in GDPR [article 5, clause 1(a)]. Fair: What is processed must match up with how it has been described. Transparency: Explain to the subject what data processing will be done.
- Purpose limitations: Define what the data is being used for, and do not use it for other purposes.
- Data minimisation: Only store what is required.
- Accuracy: The data is accurate.
- Storage limitations: No longer than necessary.
- Integrity and confidentiality: It is held securely and, if stored online or in the cloud, it is encrypted by default.
Manor House Music has been working to meet the GDPR requirements.
To date, we have:
- Researched what GDPR entails and ensured that we understand what data on individuals should be held or not.
- Reviewed all client data held by and on behalf of Manor House Music.
- Ensured that the data held is necessary and accurate.
- Ensured that the data is behind several strong security walls at all points and that the cloud servers provide adequate encryption.
- Reviewed all passwords and security on all computers and ensured that all passwords are strong enough to protect data as far as reasonably possible.
- Committed to regular password changes to ensure breaches do not occur.
- Manor House Music will regularly review data to identify which data is no longer needed and will delete it if necessary.