Skip to main content

Processing of personal data

With the European data regulation GDPR in May 2018, and similar laws in other parts of the world, there has been a lot of focus on processing personal data according to the rules. In addition, there is the ethical aspect of dealing with individuals’ personal information as a company. This blog post should act as a guide to processing personal data correctly, so that you can protect the personal data you have, including your customer data and employee data.

Did you know that data leaks that include personal data lead to customer loss and impact on business sustainability? (Ponemon Institute).

GDPR on personal data

When sensitive data enters your systems, inboxes and shared drives, you as a company must process personal data in accordance with the data rules that apply to you. In the UK, you are subject to the data regulation UK-GDPR, which gives individuals a number of rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to object
  • Right to data portability

Each of these rights gives more power to the individual citizen and makes organisations all the more responsible for their processing of personal data.

In addition to the processing of sensitive personal data, GDPR makes demands on your organisation, documentation and data security. We have created a GDPR checklist if you want help to comply with the entire GDPR directive.

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

How to process personal data

If you transfer the GDPR into practice, you can say that there are a number of situations that your company must focus on when you process personal data:

1. Identification of personal data
The first step in processing personal data correctly is to identify the sensitive data your company handles. This will help you get an overview of your sensitive data. Read more about how you can find your sensitive personal data here.

2. Getting consent
According to the GDPR, it is necessary to obtain consent from individuals before you process their data. This consent must be clear, voluntary and informed. You should develop a consent collection policy and ensure that it is followed consistently. Read more about getting consent for processing of personal data here.

3. Storage of personal data
Protecting personal data when it is in your data systems is essential. Your company should implement appropriate security measures such as encryption, access control and regular security audits. It is also important to have a plan for how you will respond to data leaks should they occur. Read more about secure storage of personal data here.

4. Requests for personal data
GDPR gives individuals the right to make requests for their data. As a company, you must have procedures in place to receive and respond to these data requests and respond within a set time frame. Read more about handling data requests here.

5. Sharing of personal data
Individuals have the right to access the data you have about them. As a company, you must have a secure way to share personal data.

Start your GDPR cleanup where it is needed the most

Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

The smart way to process sensitive data

An obvious way to start a responsible processing of personal data is to make a comprehensive inventory of the data the company processes. This involves the identification and classification of all types of personal data, such as health information or financial information. One way to do this effectively is by using a Sensitive Data Discovery tool. By using this tool, a company can quickly and precisely identify where personal data is hidden in the company’s systems, whether it is in files, e-mails or images. This gives the company a clear overview of which data is processed and enables a more targeted effort in relation to handling personal data responsibly.

How we can help

Processing personal data in a responsible way involves a lot of manual work. The use of software can make the task easier. Here are three types of software I would recommend for the purpose:

DataMapper – Find your sensitive data
ShareSimple – Send and receive data securely in Outlook
RequestManager – Process data subject requests easily

These tools can save valuable time for your business and protect you from data breaches. Finally, it gives your customers confidence that their data is safe with you.

I hope this guide was helpful to you in improving how you handle sensitive data. If you want to know how I personally would clean up our sensitive personal data, click here.

Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →

Contact me today


How to handle sensitive personal data


How to find personal data with datamapping tool


How to prepare for a data audit