CEO’s Blog – BigChange – Supporting your GDPR compliance
29th March 2018 - We’ve all received unwanted nuisance calls and SPAM emails, some of us may have suffered from identity theft and fraud too. These are just some examples of the misuse of our personal data.
The General Data Protection Regulation (GDPR) is the European Commission’s way to strengthen and unify data protection for individuals within the European Union and beyond. Whilst the UK may be leaving the EU, the UK has confirmed GDPR will still become UK law. There’s no opt-out from the legislation, it dramatically increases the levels of fines for non-compliance and data breaches, and your systems, processes and data need to be in shape by 25th May 2018.
BigChange is a software and data company that continuously improves information security and uses its flagship JobWatch system to manage its business including personal data. We have our GDPR compliance well in hand, and we’re making available some of the JobWatch tools we’ve developed to help our customers with their compliance.
As a business, a Data Controller, you may be managing data about individuals because they consent to you doing so, or because you have a contract in place. We can help.
Managing data subject consent could be time consuming, GDPR requires that you record a periodic opt-in. JobWatch CRM records which data subjects opt-in, how and when. We will soon release the ability to select a set of people, send them a branded email requesting consent, and record who opts-in. Specifically:
- JobWatch CRM will include a list of Persons that you can filter on criteria including their Group and consent status;
- Select Persons to whom to send an email based on your template; the data subject can click on links to either consent (aka “Opt-in”) or Opt-out to your processing;
- Automatically or manually receive Opt-in requests, and record Opt-in or Opt-out for each Person;
- For one or more Persons, your JobWatch administrator will have the option to mark the Person(s) as “do not process”, or to delete;
- For a Group of Persons, report on the number of consent request, opt-ins, consenting persons, and opt-outs. This report may be used to demonstrate you are managing consent.
All companies using personal data may receive requests from data subject requests. To comply with GDPR, your business has a fixed time to respond. JobWatch supports you in the timely recording, managing, fulfilling and reporting on your processing of data subject requests. Specifically:
- JobWatch CRM Notes can be used to record and track the completion of all Data Subject Requests;
- Your JobWatch administrator can extract a data subject’s personal data into a formatted report, and this may be used as the basis for responding to a Data Subject Access Request;
- Similarly, your JobWatch administrator can extract a data subject’s personal data into an electronic file and this may be used as the basis for responding to a Data Portability request.
Finally, and perhaps most importantly, the GDPR legislation requires that you manage personal data and keep it secure. This may be onerous for many businesses, but perhaps less so for BigChange customers who trust BigChange as its secure Data Processor with a history of information security continuous improvement. We secure all data in Amazon AWS which includes security features that just can’t be replicated with on-premise storage. Additionally:
- JobWatch already has a comprehensive system of user profiles, privileges and constraints defined by your system administrator;
- Furthermore, we are enhancing the logging and reporting of user activities within JobWatch so that your administrator can report on changes to user privileges, and significant data changes.
GDPR – is coming soon to businesses across the UK and beyond; BigChange can help you to comply.
Founder & CEO