The GDPR imposes new rules on companies, government agencies, non-profits, and other organisations that collect and analyse the data of EU residents.
The primary objective of the GDPR is to give individuals greater understanding and control over data stored in their name by any organisation. Much of the GDPR builds on the current data protection laws which Upshot is compliant with. However, the GDPR does bring in some changes that affect both Upshot, as a Data Processor, and our clients, as Data Controllers.
What is Upshot doing to prepare for GDPR?
Over the last few months we have been preparing for the introduction of the new regulation.
The actions we are taking to prepare the system include:
- Improving the ability to erase personal data of an individual, or the pseudonymisation of an Attendee to a sufficient degree.
- Ensuring personal data can be supplied in a machine readable format for data portability – while this is already possible we will ensure that this meets GDPR requirements.
- Ensure mechanisms for how personal consent is sought, recorded and managed throughout Upshot is GDPR compliant.
- Update the mechanism for presenting privacy information throughout Upshot.
Alongside system developments, we will be updating both our T&Cs and Data Processing Obligations.
We have also taken a number of operational measures, which include:
- Updating our Organisation and User Terms and Conditions (including our Data Processing Obligations)
- Introducing an updated Data Protection Policy and Clean Desk Policy for staff
- All staff have passed a GDPR Staff Awareness E-learning Course
- Three staff members have become GDPR Champions and have achieved the EU GDPR Foundation (EU GDPR F) qualification (ISO 17024-certificated)
The aim of the changes we will be making are twofold, firstly to ensure Upshot is GDPR compliant as a data processor and secondly, to further assist organisations (data controllers) to use Upshot in a GDPR compliant way.
To find out more about the difference between a data processor and a data controller, we advise reading this ICO guidance. For information on your responsibilities as a data controller under GDPR please see the ICO GDPR Guide and we strongly advise you seek independent advice.
If you would like to get ahead of the curve and want help sorting out and tidying up your data, do get in touch!
Starting from £272 + VAT our Upshot Support Team can work with you and help.
Please contact our Support Team on Support@upshot.org.uk to discuss your needs.