What is GDPR?
The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.
How is Claritum preparing for it?
Claritum is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards and will comply with applicable GDPR regulations when they take effect in 2018, as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
The company has two main areas of focus in preparing for GDPR overseen by an internal cross-functional team:
- Building on existing security and business continuity management systems and certifications (including ISO 9001) to ensure our own compliance.
- Product programmes to support compliance for users of our software applications including solutions to streamline the process and drive greater efficiency.
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.
For further details on what Claritum is doing to prepare for GDPR view the full Claritum GDPR Statement.
Personal Data Map
In the Claritum platform there are various places where potentially personally-identifiable information can be entered, who may access it at that point and whether they can set/change it or simply view it.
To find out more information about this please view the Claritum personal data map.
In addition to the usual marketing ‘opt-out’ (which flags contacts as opted out but does not delete), we have provided a ‘removal of consent’ form which alerts us to manually delete the contact’s details.