Has your inbox been bursting with businesses asking you to review their terms and conditions recently? Not sure why this is happening? Don’t worry! We’ve got you covered with our simple guide to GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is a significant and wide-reaching new law rolled out by the European Union intended to protect your data. In just under a month this new law will be enforced, meaning potentially large fines for organisations that don’t comply.
Put simply, it means that organisations that hold information about individuals need to comply with new and, in some regards, stricter rules. These rules relate to what information is gathered, why it is gathered, how it’s used and stored, and how long it’s retained.
Consent & confidentiality
Central to these rules are the important matters of consent, confidentiality and privacy. Each individual needs to agree to data about them being stored and processed. In some circumstances, consent must be explicit, in the sense that the individual “opts in” by giving their express agreement. There are also circumstances where gathering and processing personal data can be undertaken with implied consent, such as in the course of providing a service. In other words, it’s necessary and understood by the individual that data is captured and used.
Under GDPR, organisations that gather or use data about individuals will also have new, additional obligations to store and process that information in a manner that keeps it confidential and protects the privacy of the individual.
It’s not just digital…
Crucially, GDPR doesn’t just concern computers and websites. Any records, including paper documents such as application forms or assessments, are also subject to the new rules.
What is Tuta Care doing to protect sensitive data?
Tuta Care has always been at the forefront of quality assurance and we’re proud of our track record for protecting confidentiality and privacy.
In response to GDPR, we’re updating policies and procedures and providing new, enhanced training and information for office and management staff. We’re also undertaking additional reviews of our databases and procedures.
How will it affect your work?
Inevitably, it’s necessary to gather information, often personal, regarding your business in the course of providing our services.
Being vigilant is also important: keep an eye out for sensitive information and constantly ensure it is well managed and properly protected. Additionally, we need to ensure that we destroy or delete data as soon as there is no further need to retain it.
So, when you receive communications about GDPR or are asked to undergo training, you need to pay close attention.