The Toolkit

Access free resources that simplify the General Data Protection Regulation (GDPR)

In terms of data privacy, the GDPR is a ‘game changer’ as it introduces new obligations and challenges that companies have never faced before. The objective of the Regulation is to protect EU citizens in the current digital world by giving individuals greater control over their personal data through new or enhanced rights.

This means if your company stores or performs any action on the personal data of an EU citizen, then the rule of thumb is that you must comply with the GDPR. So it is critically important that companies have a good grasp of what GDPR means for them.

We understand that the GDPR is a long, complex piece of legislation and that many business owners are too busy to analyse it in detail, so we have summarised the Regulation into ‘bite-sized’ guides of everything you need to know.

Sign-up free today to explore our articles, tutorials and training materials that will empower you and your staff with the knowledge needed to be GDPR connoisseurs!

GDPR: What you need to knowThe key elements of the GDPR, new obligations and impacts for your company.

The Data Access Gateway tool allows your customers to view and manage their data

The Data Access Gateway tool is the key tool in building healthy, compliant data relationships because it acts an intermediary between you and your customers.

The Data Access Gateway gives your customers access to their personal data and empowers them to manage their data content and consents. By doing so, the tool fulfils individual Rights imposed by the GDPR as well as many obligations that your company has to adhere to.

The Data Access Gateway tool integrates seamlessly - meaning you won’t need to radically change anything. The tool simply adds functionality to your own website and internal technology infrastructure.

Manage customer data in a transparent and compliant way

The GDPR introduces a number of obligations that your company must comply with when managing customer’s personal data.

Firstly, you must facilitate individual personal rights such as these:

  • Right to Notice – inform individuals how their personal data is being used.
  • Right of Access – give individuals access to all data collected about them and provide a copy of this free of charge.
  • Right to Rectification – correct any inaccurate personal data concerning the individual.
  • Right to Erasure (be forgotten) – erase an individuals personal data upon request. Note: some exceptions occur.
  • Right to Portability – send individuals personal data to another service provider in a machine-readable format.

On top of this, companies need to ensure they are complying with the strict conditions set out in the GDPR with regard to capturing and withdrawing customer consent.

The Dataships toolkit helps you stay in control of your Data Governance obligations

According to the new GDPR, the onus is now on your company to ‘implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with the legislation’ – their words not ours!

The GDPR makes regular references to the concepts of ‘privacy by design’ and ‘privacy by default’. It aims to embed these concepts at the heart of every company’s approach to data.

What they mean by this is that company must implement or revise their internal practices to ensure they meet data privacy principles ‘by design’ and data protection ‘by default’.

Some things companies are expected to do as part of this include:

  • - Data minimisation – only collect data you absolutely need.
  • - Pseudonymisation & encryption techniques.
  • - Integration of adequate safeguards into the processing activities.
  • - Maintaining a record of all data processing activities.
  • - Setting up data access permissions within your company so staff only see data specific to their roles and needs.