In May 2018,the GDPR came into force。This is a regulation set down by the EU that oversees the way that companies use the data of citizens of EU. In practice, it has meant that almost every business across the UK has had to make changes to that way it stores data and documents containing personal information.

Also read:GDPR In The Workplace And How To Implement It

If you are not currently compliant with the GDPR’s rules and this is discovered, you could face heavy fines. It is important, then, to understand exactly how the GDPR is changing the way that businesses store, uses and destroy data and documents.

The rights of the individual become the important factor

The most important and overarching change that the GDPR makes in terms of data and document storage is that the rights surrounding that datashift to the individual and away from the company。If your businesses handles, stores or uses any kind of personal data that can identify a person – from their IP address to their banking details – they have far more rights over that data that was previously the case.
例如,个人有权知道其数据的哪些方面是存储的以及它是如何使用的。这迫使许多企业联系到人员并重新确认他们很乐意以某种方式存储和使用的数据。

Also read:How To Protect Yourself From HR Data Loss

但是,知识不是个人唯一的新权利。也是如此,一个人可以请求随时从公司的数据库中删除或销毁的数据 - 即使他们先前有允许保存数据的许可。此外,它们可以请求他们的数据更改或修改它正在使用的方式。本规则的例外是公司可以提供合理的原因,以便他们需要保留个人数据。

您信任的软件和服务

These changes surrounding the rights of individuals mean that businesses have had to make significant changes to their practices. For example, as it is the case that individuals can now request full details on what data of theirs a company holds, it is vital that there is software and structures in place that the data of an individual can be recalled immediately. Additionally, it must be possible to have this data deleted without ‘undue delay’.

Additionally, remember that if your business is responsible for the data you need to complete faith and trust with any external services that you use, as well as the software that the data is stored on or used with. Remember that if you suffer a breach you need to make anyone whose personal data was at risk of being stolen aware of this在72小时内。如果您目前使用没有此功能的软件,您可能需要对自己的系统进行更改或完全更改软件。

Physical document destruction

When we think about the impact of the GDPR on businesses, it is common to focus on digital data as this is the type that is most often affected by the regulations. However, it is important to remember that the GDPR takes a broad view and oversees all forms of data – this includes physical documents. If your business is still in the habit of using paper copies of a document that contain personal data then you need to ensure that you are also disposing of documents correctly.
这是一个你需要小心的地区。不要以为粉碎文件是安全的,然后用其他办公垃圾扔掉它们。犯罪分子通常利用这种懒惰的练习,并窃取垃圾袋,目的是检索碎片的文件并获得信息。
Under the GDPR is vital that businesseshold a destruction certificate表明文件已以正确的方式遵守规则。请记住,数据泄露具有类似于物理副本的后果,因为它们是在GDPR下的数字副本,因此您需要确保正确遵守法规。

Image viapexels.com.