The subject of GDPR has moved from an almost obscure subject into one of the key business change issues facing all businesses.
GDPR: Separating Fact from Fiction for SMEs
What is Personal Data?
Personal data is anything that could be used to identify a real person. It could be anything from a photograph of a real person to an email address, Facebook, links to bank details or medical information; all of this constitutes personal data.
What does consent look like?
Firstly there’s no more hiding in long ambiguous terms and conditions. If you’re asking a person for data that could be used to identify that person, then explicit consent must be given to your business. The EU GDPR guidelines state that it must be as easy to withdraw consent as it is to give it.
This could be as simple as an unsubscribe button in an email for generic data. Should the data be sensitive, like medical information for example, you must tell the person to whom the data belongs how you will use and store that information and then GIVE them the opportunity to OPT OUT easily.
I understand what GDPR is, but what does my Business have to do to be Compliant?
GDPR, in simple terms, is a business providing evidence of the lawful processing of a person’s personal data. Your business will need to have evidence that the personal data you have stored, managed, etc. has a basis in one of the following:
Consent: the person has given clear consent for you to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
Making your SME GDPR Compliant
25th May 2018 is fast approaching so here’s what you need to do:
- Get Started – it isn’t as scary as it is presented
- Don’t let one person be responsible for managing GDPR for your business. Even if you have an SME and little resource, this is a big legal change so do create a team / some time to ensure you're confident in your data process and responsibilities as an SME
- Understand the implications of how personal data is collected, used, managed, stored and disposed of within your business. You could categorise the data you have into a basis as detailed above;
Once you have the data initially organised you can then organise that data by
Use these categories to define the value of personal data to your business.
- Document what you do and any decisions you make, particularly of how you will lawfully process personal data now and in the future.
- Consider your supply chain and ask what they are doing to protect data that is passed to them or received from them. For example staff data for:
- Have your process checked by a legal representative to ensure it’s as thorough as possible and you’re compliant.
We know how confusing it can all be but try not to worry, you’ve got this!
Further support can be found;
Written in collaboration with Augmentum.
We are absolutely thrilled for the Communications Team at the Devon Partnership NHS Trust who have been nominated for an HSJ Value Award in the Communications category for its innovative new website which works ‘with patients, for patients’.
We worked closely with Sharon Berkhout, Communications Manager at the Devon Partnership NHS Trust, and other members of the team, to develop a website solution that put the patient at the forefront. The Trust had several challenges that it needed to overcome, including: a dedicated focus on mental health recruitment, a social media campaign to help drive this, and a streamlined help centre service which reduced calls in order to free up staff and benefit patients.
The website that we created for the Trust incorporated a progressive new site map and navigation functions as well as a ‘help now’ tab for patients, carers and their families.
We also created a dedicated microsite which was designed to strategically aid recruitment for mental health nurses and psychiatrists. The microsite also promoted the benefits of living and working in the South West and the opportunities available.
We implemented a social media campaign through Twitter to drive relevant traffic through to the NHS jobs site.
Here at Optix Solutions we are paving the way towards an innovative digital future for businesses across the South West, and we are honoured to have helped such a worthy organisation as the Devon Partnership NHS Trust to support patients and their families in the Devon community.