NetXtra are adopting the ICO’s guidance internally in reviewing our policies and procedures and updating relevant documentation and training in order to demonstrate GDPR compliance. We are doing this in line with their ‘12 steps to take now’ guide, available on their website, ico.org.uk, which provides guidance around the key areas of responsibility affected by GDPR.
As responsibility for protecting individuals’ personal data is now shared between the data controller and the data processor, it is important for organisations to undertake due diligence to ensure that processors are GDPR compliant. We are working with our clients to review where GDPR might impact the services that we provide for them and to facilitate any relevant compliance ahead of the launch of the regulation on 25th May 2018.
For the most part, our systems pass the data from the customer-facing website/portal directly to the CRM in use, with no personal data being saved to the NetXtra CMS. The website/portal is generally protected by a secure certificate, and information is encrypted to avoid data being vulnerable in that process.
Largely, GDPR requires organisation-wide policies to be drawn up, agreed and implemented, with the outcomes mostly affecting how data is managed, stored and shared, which could impact how you use your CRM and backup processes. We work closely with a wide array of CRM providers who are developing systems based on ‘privacy by design’ best practice so that data storage and access systems are built to ensure trust and minimise privacy risks.
Where the websites and portals that we develop and manage for customers require upgraded changes in consent, we are able to advise and guide in this regard. The relevant changes will be made timeously to ensure that organisations meet the required GDPR standard in obtaining and storing data with appropriate permissions and evidence to prove it.
Every system we develop is as unique as each organisation’s requirements. Our approach to reviewing the ramifications of GDPR has to be equally tailored to individual clients’ needs and systems. Please contact us if you would like to schedule a review. If you would like to find out more about GDPR, perhaps you would like to read our more comprehensive Insight article on the subject.