You have probably already heard of the GDPR by now and have some questions on how to deal with it. The most common question we get from our clients is what we are doing to prepare for it.
We’ve put together an overview of the GDPR and what we are doing to get ready for it.
This post is to assist you in using the service we provide, but should not be regarded as legal advice. If you have questions on how the GDPR will affect your business we recommend you seek legal advice from a competent legal professional.
What is GDPR?
It’s the General Data Protection Regulation (‘GDPR’).
It comes into force on 25th May 2018.
It places stringent obligations on businesses and directly affects how they collect, store and manage personal data of EU citizens, regardless of whether the data processing takes place in the EU or not.
How does it affect Lincs Process Servers clients?
The GDPR will affect anyone who stores personally identifiable information of any EU citizen. This will definitely include us.
Personally identifiable information can be a name, email, address, date of birth, digital photographs and more besides.
As part of our work we come into contact with this kind of information, either passed to us directly from the client or as part of necessary enquiries we undertake to effect service of documents.
What is Lincs Process Servers doing to prepare for GDPR coming into force?
Like the majority of our industry, we are keen to embrace data privacy and good data security.
We have, for the past few months, been reviewing our procedures to identify areas we could change to make sure we are fully compliant by the 25th May deadline.
We’ve set out below an overview of the changes that we are in the process of making, or expect to make, over the next few months.
As we now have more stringent obligations in respect of data security (and the fines are far higher), we are changing some of our internal processes to make sure that the service we provide is compliant and limits our clients’ exposure to risk.
We’ve already moved away from some technical solutions that haven’t given us the right assurances that they can continue to work with us compliantly. The biggest change here is our migration to a new CRM platform. To be honest, we’ve been considering it for a while but this has really given us the push we needed. This has caused us a few headaches but will, inevitably, result in a better standard of service to those that want to use us.
We’ve implemented specialist training on GDPR and Data Security and this is a compulsory training requirement for anyone who wants to work for us.
We are continually looking at how we can improve our service and limit our clients’ exposure to risk, so this is an ongoing process for us. There will probably be a few changes we will make the closer we get to May 25th.
Like everyone else, we will have to change certain features of our website.
We are amending our current Cookies Policy so that it is aligned to the requirements of GDPR and we will be setting out, in a bit more detail, what cookies we use and how we use them.
We are making some changes to the forms we use on the website (such as the Instruct Us form) to make sure that we are capturing consent from our clients that we can use their data in a specific way.
We will be making some changes to the process of working with our clients.
Many of our legal professional clients have already set up Data Processing Agreements (DPAs) with us.
We expect to be rolling out and entering into DPAs for all our clients.
Our Data Protection Officer (‘DPO’) will be responsible for the implementation of all the required changes. They will also be responsible for monitoring compliance with GDPR and other Data Protection legislation.
Our DPO will be Matt Bridge, Director.
The GDPR can be quite complicated to the uninitiated.
There is great advice given by the Information Commissioner’s Office (ICO), who are responsible for implementing the GDPR legislation.
The ICO is very practical and gives a great overview – including key areas for Data Controllers to consider and get in place for when GDPR comes into force.