The General Data Protection Regulation (or GDPR) has replaced the Data Protection Act 1998 and now applies to all businesses who use or store data.
The new Regulation updates Data Protection rules for the 21st century, in line with the ongoing move to cloud based services and service providers. It is intended to ensure that all parties with access to Personal Data (information that can be matched to an individual, usually because it includes Personal Identifying Information (PII)) act responsibly and in the service and interest of the persons who are the Data Subjects.
What does it mean for PropCo Clients?
PropCo Clients are Data Controllers. You decide what information you take from your customers, contractors, employees etc. and record into PropCo, and you decide what you want to do with that information. PropCo primarily processes Personal Data on the basis of Contracts you hold with your customers, but it can also be configured by you to Process Data in other ways (e.g. via workflows, data feeds, or custom reports) for which you may need to rely on an alternative Legal Basis for Processing. PropCo already contains options to allow you to check and record Consent for additional Data Processing activities you may want to set up and we are enhancing this with our next release. We will be working with you to ensure your Legal Basis for Data Processing is correctly documented so that we and you can fulfil our mutual obligations under the GDPR regulations.
Areas of consideration for Data Controllers are:
Legal Basis for Processing (e.g. Contract, Consent)
Our plans as a Data Processor
The regulations state that data protection protocols must be built into any system that processes personal data.
PropCo released an enhancement to the system (Release 20) to increase its conformity with the new regulations ready for May 2018.
This build concentrates both on the new responsibilities falling on us as the Data Processor and also on adapting and including functionality to enable you self-sufficiency to perform your responsibilities, such as making GDPR compliant records of any particular consents you wish to take for specific Data Processing activities or by responding to Data Subject requests that may come to you from your customers or contractors.
Have any questions?
We want to hear from you to make sure that your particular question or request is catered for where possible. If you have any specific requirements due to the nature of your business operations, or simply to discuss the obligations in more detail please contact me
firstname.lastname@example.org or one of the team email@example.com or by phone 0845 0047 142.