What is GDPR?
The General Data Protection Regulation (GDPR) is a new set of laws on data protection and privacy for all individuals within the European Union. It is intended to strengthen and unify data protection for those within the European Union and aims to simplify the regulatory environment for business, so that both citizens and businesses can fully benefit from the digital economy. Any company, big or small, will have to comply with the new regulations regarding the secure collection, storage and usage of personal information, which will apply in the UK from 25th May 2018.
Who does GDPR apply to?
The GDPR applies to processing carried out by organisations operating within the EU, more specifically ‘Controllers’ and ‘Processors’ of data. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. The controller could be any organisation, from a profit-seeking company to a charity or government. A processor could be an IT firm doing the actual data processing. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents.
Why is GDPR important to you?
With an increase in data breaches reported in 2016 and 2017, it should be no surprise that there is a need for greater data protection. Compliance is not a choice and is not just a matter of ticking a few boxes; the regulation demands that you be able to demonstrate compliance with the data protection principles, otherwise you could be fined up to 4% of your turnover. With the appropriate compliance framework in place, not only will you be able to avoid significant fines and reputational damage, you will also be able to show customers that you are trustworthy and responsible, which will help you derive added value from the data you hold.
For most businesses, GDPR introduces a few main changes. First, you need to have consent from a customer to process their data. As the Information Commissioner’s Office (ICO), the independent body responsible for upholding information rights, puts it:
“Consent under the GDPR must be a freely given, specific, informed and unambiguous indication of the individual’s wishes. There must be some form of clear affirmative action – or in other words, a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity.”
Individuals have more control over their data. They can request that you provide them, for free, with a copy of all data that you hold on them, and they also have the right to be forgotten. An individual can request that you delete their data and stop processing it.
How will Focus software help you comply with GDPR?
In all of the Focus software products, RENT, EASY, SHOP and OFFICES, there will be a simple and easy way to mark each record as having provided consent for you to hold and process their data. On each of the relevant files, there will be a bright button containing the letters “GDPR”.
Our software uses a traffic light colour scheme to clearly indicate whether consent has been given. If there are multiple email addresses on a record and consent has been given for none of them, the GDPR button will display in RED. If consent has been given for only some of them, the GDPR button will turn AMBER, and if consent has been given for all the email addresses, it will turn GREEN.
What helps enormously is having the correct data inserted into the correct fields in the first place. No more putting telephone numbers or dates in fields that are there for email addresses or some other purpose, as we’ve noticed some of our clients do! If you need help with this, just ask. We’d be delighted to assist.
We recently migrated to Microsoft Azure, one of the best cloud-based solutions globally, which has given us improved software performance and security. Employees and other insiders pose a significant threat of unauthorised access to personal data, so securing access is an important defence. To access the portal on our cloud, you are required to enter a unique username and password.
To further strengthen your GDPR compliance, the RENT software provides password-protected security levels for users in the system, which range from access level 1 through to 5. These can be set up at your request with any password you would like. RENT also provides you with the ability to password-protect diary entries and the deletion of transactions.
The ability to send out bulk emails is a crucial function for property agencies of all sizes. Now, because of the GDPR, you will need to ask every individual in your list to re-subscribe. Our systems can aid this process with a batch email facility, which you could use to send your clients information about how you will be dealing with the new regulations. Without this help, it could be a lengthy and tedious process for you and your company.
To talk to us about GDPR in general and the security of our systems, or any other aspect of our software, give us a call on 0871 250 0021 and ask to speak to one of our support team members, or Callum Samuel today.
Focus Micro Systems
Property Software Developers Dedicated to Protecting You and Your Customer