EVC MARKETING



GDPR - what you need to know

18/1/2018

 
The General Data Protection Regulation (GDPR) becomes law on 25th May 2018.

The law applies EU-wide, including the UK post-Brexit, and covers ANY company that collects, processes, stores or uses the personal data of EU/UK individuals. This includes direct mail, print and third-party suppliers who may have, or require, access to the data you hold.
 
This includes timeshare resorts – and you cannot hide behind your signed contracts and constitutions.
 
Within the legal obligations, it is important that businesses understand the difference between a Data Controller, a Data Processor and a Data Protection Officer.
  • A Data Controller (DC) – is the business data owner that defines the purpose and means for which the data is collected and processed.
  • A Data Processor (DP) – is the person or department who processes the data on behalf of the Data Controller.
  • The Data Protection Officer (DPO) – is a defined person (or persons) with responsibility for monitoring compliance, employee inclusion and the company's obligations to maintain records of data processing activities, and to map how data is collected, why, how it is processed and stored, and who has authorised access.

The DPO should trace the flow of data within the business and external third-party suppliers to ensure compliant systems and processes.
The law is specifically changing focus to prioritise the individual’s rights, including the right to be informed (of any data breach) and the right to be forgotten (erasure of data), which may be subject to the “legitimate interest” exemption, e.g. clients who have a financial commitment.
 
Data security and privacy must be by design and a documented process must be in place. There is a 72-hour timeline requirement for data breach notifications and responses to individual subject data requests.
 
Remember that data on individual employee laptops, or any data removed from the office premises, must be encrypted to be compliant.
 
In addition, there is the option to streamline existing data – to actively erase data when it is no longer required – which will deliver a leaner, more focused and targeted data contact opportunity.
 
Third party suppliers may need to have a security level or data processing agreement.
 
Finally, as part of the process your resort needs to consider employee GDPR options and employee awareness training so that they understand what is required of them going forward when handling personal data.
 
In short – a business needs to operate a higher standard of data security.
 
If you require any information on making your practice GDPR compliant, contact EVC Marketing now.

© COPYRIGHT 2023  ALL RIGHTS RESERVED.
Photos from Filip Patock, Got Credit