
Short answer: Businesses should identify, collect, store and delete personal data in accordance with GDPR requirements. This includes obtaining consent, protecting data during storage and ensuring proper deletion when data is no longer needed.

How to process personal data?

Since the EU's data regulation, GDPR, took effect in May 2018, and with similar laws in other parts of the world, there has been a lot of focus on processing personal data according to the rules. In addition, there is the ethical aspect of dealing with individuals' personal information as a company. This blog post should act as a guide to processing personal data correctly, so that you can protect the personal data you have, including your customer data and employee data.

Did you know that data leaks that include personal data lead to customer loss and affect business sustainability?

What does GDPR say about processing of personal data?

When sensitive data enters your systems, inboxes and shared drives, you as a company must process personal data in accordance with the data rules that apply to you. In the UK, you are subject to the data regulation UK-GDPR, which gives individuals a number of rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to object
  • Right to data portability

Each of these rights gives more power to the individual citizen and makes organisations all the more responsible for their processing of personal data.

In addition to the processing of sensitive personal data, GDPR makes demands on your organisation, documentation and data security. We have created a GDPR checklist if you want help to comply with the entire GDPR.


How to process personal data

Translated into practice, the GDPR means there are a number of situations your company must focus on when you process personal data:

1. Identification of personal data
The first step in processing personal data correctly is to identify the sensitive data your company handles. This will help you get an overview of your sensitive data. Read more about how you can find your sensitive personal data here.

2. Getting consent
According to the GDPR, it is necessary to obtain consent from individuals before you process their data. This consent must be clear, voluntary and informed. You should develop a consent collection policy and ensure that it is followed consistently. Read more about getting consent for processing of personal data here.

3. Storage of personal data
Protecting personal data when it is in your data systems is essential. Your company should implement appropriate security measures such as encryption, access control and regular security audits. It is also important to have a plan for how you will respond to data leaks should they occur. Read more about secure storage of personal data here.

4. Requests for personal data
GDPR gives individuals the right to make requests for their data. As a company, you must have procedures in place to receive these data requests and respond to them within a set time frame. Read more about handling data requests here.

5. Sharing of personal data
Individuals have the right to access the data you have about them. As a company, you must have a secure way to share personal data.

Start your privacy cleanup with the big picture

A GDPR Risk report gives you a complete overview of the privacy risk in your company. The report is based on a scan with DataMapper.

The smart way to process sensitive data

An obvious way to start processing personal data responsibly is to make a comprehensive inventory of the data the company processes. This involves identifying and classifying all types of personal data, such as health information or financial information. One way to do this effectively is by using a Sensitive Data Discovery tool. With such a tool, a company can quickly and precisely identify where personal data is hidden in its systems, whether in files, e-mails or images. This gives the company a clear overview of which data is processed and enables a more targeted effort to handle personal data responsibly.

FAQ on processing of personal data

What is personal data?
Personal data is any information that can be attributed to an identified or identifiable natural person, such as name, address, email or IP address.

How do we store personal data securely?
Secure storage of personal data involves implementing technical and organizational measures to protect data against unauthorized access, loss or destruction. This may include encryption, access control and regular security assessments.

When should personal data be deleted?
When personal data is no longer needed for the original purpose, it should be deleted in a secure manner. It is important to have procedures for regularly reviewing and deleting data that is no longer relevant.

What are the consequences of not complying with the GDPR?
Non-compliance with the GDPR can result in significant fines, loss of reputation and trust among customers and business partners.

How we can help

Processing personal data in a responsible way involves a lot of manual work. The use of software can make the task easier. Here are three types of software I would recommend for the purpose:

DataMapper – Find your sensitive data
ShareSimple – Send and receive data securely in Outlook
RequestManager – Process data subject requests easily

These tools can save valuable time for your business and protect you from data breaches. They give your customers confidence that their data is safe with you.


Sebastian Allerelli
Founder & COO at Safe Online

Sebastian is the co-founder and COO of Safe Online, where he focuses on automating processes and developing innovative solutions within data protection and compliance. With a background from Copenhagen Business Academy and experience within identity and access management, he has a keen understanding of GDPR and data security. As a writer on Safe Online's Knowledge Hub, Sebastian shares his expertise through practical advice and in-depth analysis that help companies navigate the complex GDPR landscape. His posts combine technical insight with business understanding and provide concrete solutions for effective compliance.
