General Data Protection Regulations 2018
- Date: Thursday 23rd November 2017
- PDF: Download
This month, we will focus on data protection in relation to the systems and databases that you use within your Company.
Within the scope of the GDPR there is a legal requirement called “Privacy by Design”, which requires employers to consider data protection requirements when a new system or database is being created.
The data protection element of a system should not be seen as an “add on” as has often been the case in the past. Instead when designing a new system (or updating an existing one), data protection should be included and fully considered from the outset at planning and design stages. The GDPR identifies this requirement as an effective way to, “meet the requirements of this Regulation and protect the rights of data subjects.”
If you are considering either a system upgrade, a new database or setting up spreadsheets with shared access and multiple users you need to start with data protection in mind.
Article 23 calls for:
- Those inputting data and data controllers to only process data that is necessary for the completion of their duties as this will minimize the amount of data in use.
- Keeping to a minimum all access to personal data
- Keeping to a minimum the number of people processing data
For further information on this and other elements of GDPR please see the EU’s official website on the GDPR: http://www.eugdpr.org/the-regulation.html