What is GDPR?
The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and impacts on every organisation which holds or processes personal data. It introduced new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the Data Protection Act (DPA) which it superseded.
How has Claritum prepared for it?
Claritum is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards and comply with applicable GDPR regulations, as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
The company has two main areas of focus for GDPR, overseen by an internal cross-functional team:
- Building on existing security and business continuity management systems and certifications (including ISO 9001) to ensure our own compliance.
- Product programmes to support compliance for users of our software applications including solutions to streamline the process and drive greater efficiency.
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.
For further details on what Claritum is doing to prepare for GDPR view the full Claritum GDPR Statement.
Personal Data Map
In the Claritum platform there are various places where potentially personally-identifiable information can be entered, who may access it at that point and whether they can set/change it or simply view it.
To find out more information about this please view the Claritum personal data map.
In addition to the usual marketing ‘opt-out’ (which flags contacts as opted out but does not delete), we have provided a ‘removal of consent’ form which alerts us to manually delete the contact’s details.
If people would like access to the information we hold on them, we have provided an ‘information request’ form.