Gaps in complying with GDPR
We are a US-based Disabled Veteran Owned Small Business and recently picked up a chance to provide our services to a UK company. Our primary questions are:
1) We only keep employee name and employee email, and vendor name and email and IP address for same. Currently, we do not encrypt any of that data but only use it within our software.
2) We use Rackspace's standard security setup for our servers and biometric physical access.
Where are the gaps?
From January 2021 the UK is no longer part of the EU, so you should comply with the UK GDPR instead of the EU GDPR if you are planning to offer services in the UK. Luckily, the UK GDPR is mirror legislation of the EU GDPR, so the regulation is pretty much identical.

One gap is encryption, which is considered a common technical security measure. You should also inform the data subjects and keep a register of processing activities, just to mention the essential activities.
Here you can find more information on how to start implementing GDPR in your business:
- 9 steps for implementing GDPR https://advisera.com/articles/9-steps-for-implementing-gdpr/
If you want to learn how personal data are processed under the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//
Mar 10, 2021