GDPR

GDPR is the biggest change to data protection law for over 20 years. GDPR stands for General Data Protection Regulation; it is the EU’s legal framework that sets guidelines for the collection and processing of personal information of individuals, to give the public greater control over how their data is used. It introduces tougher fines for non-compliance and data breaches, and gives people more say over what companies can do with their data. The EU’s aim is to give businesses a simpler, clearer legal environment in which to operate. GDPR will apply to any organisation, irrespective of size, which processes and holds the personal data of people residing in the EU. The new legislation applies to both data “controllers” and “processors”.

CONTROLLERS

…are organisations who collect the data and specify how it is used and processed. Typically, this would be a business or charity with databases of customers and supporters.

PROCESSORS

Pollards are a processor, as we print and mail on behalf of our customers (controllers). We have put into place strict processes for the control and management of data, in particular any data that can be used to identify a particular individual, including name, ID number, location data, or computer IP address.

WHAT RIGHTS DOES THIS LEGISLATION GIVE THE INDIVIDUAL?

  • THE RIGHT TO BE INFORMED
  • THE RIGHT OF ACCESS
  • THE RIGHT TO RECTIFICATION
  • THE RIGHT TO ERASE
  • THE RIGHT TO RESTRICT PROCESSING
  • THE RIGHT TO DATA PORTABILITY
  • THE RIGHT TO OBJECT
  • RIGHTS IN RELATION TO AUTOMATED DECISION MAKING & PROFILING

Importantly, any organisation storing personal details needs to review how it is going to store that information securely. Companies undertaking email and e-commerce campaigns will have to gain the consent of the customer. Under GDPR regulations, companies can only process and store customers’ data legally under the following circumstances:

  • CONSENT
  • VITAL INTEREST
  • PUBLIC TASK
  • LEGITIMATE INTEREST
  • CONTRACT
  • LEGAL OBLIGATION

To gain consent, customers must be given a clear understanding of how their data will be used and be asked to opt in. Forms must be clear and easy to understand, with no pre-ticked boxes and with the opt-out box kept away from other small print.

WHAT HAS POLLARDS DONE?

Pollards has taken its duty as a Data Processor and Data Controller very seriously and has invested a great deal of time and money updating our systems and processes for data management and security. We are able to provide a totally secure data management system:
  • Secure receipt of data with an exclusive upload portal
  • Secure encrypted storage, processing and management of data
  • Secure proofing via a tailor-made online proofing platform
  • Supply of mailing report once the job has been completed
  • Secure removal of mailing data once job has been invoiced

CYBER ESSENTIALS SCHEME: OVERVIEW

Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. It focuses on key controls to help protect data and reduce the risk of cyber-attack.

IASME

Pollards has chosen to adopt the Information Assurance for Small Medium Enterprise (IASME) standard. IASME is one of five companies which have the right to act as an Accreditation Body for the Cyber Essentials scheme. It has been recognised as the best cyber security standard for small companies by the UK Government. Under the scheme, organisations are audited for key controls such as physical security, data management, staff awareness and document policies. These controls were identified by the government as the best way to prevent cyber-attacks on organisations.
