What is the GDPR?
On 25 May 2018, the most significant piece of European data protection legislation in 20 years came into force when the European Union (EU) General Data Protection Regulation (GDPR) replaced the 1998 Data Protection Act (DPA). The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe. It also sets higher standards for how companies protect the information they process or control.
Now that the GDPR is in effect, all companies processing and holding the personal data of subjects residing in the EU must comply with it, regardless of where the company is located. It is also worth highlighting that Brexit does not affect this.
What were the key changes in the GDPR?
The GDPR includes several requirements that benefit data subjects, mandate increased control and transparency, and add robust accountability requirements as well as significant fines for violations – up to 4% of global revenues or 20 million Euro, whichever is greater. Key differences in this data privacy regulation include stronger conditions for data subject consent and obligations for data processors as well as data controllers, with obligatory contractual terms between the two. The GDPR also requires organisations to include data protection in the initial design of systems, a concept known as ‘privacy by design’.
How does this affect you?
The GDPR fundamentally changes how you can process and handle your clients’ data. In summary, you must:
- Make sure you know what the GDPR is and how it affects your business.
- Have the correct security and controls in place to ensure your clients’ data is safe at all times.
- Be transparent and open with your clients about what data you are using, how and why you are using it, who can access it and for how long you keep it.
- Be able to demonstrate that you have relevant policies in place to back this up.
You will typically act as the data controller for any personal data you provide to third-party systems like Genovo. As the data controller, you determine the purposes and means of processing any personal data, whilst Genovo (the data processor) processes that data on your behalf.
As a data controller you are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. It is essential you know where and how your clients’ data is being stored and who has access to it. If you use any third-party systems like Genovo to hold, collect or process data, you will need to establish if their security controls, accessibility policies and the location of their servers satisfy your GDPR requirements.
How does Genovo help its customers meet their obligations?
At Genovo, we are committed to helping our customers with their ongoing data protection journey by providing robust privacy and security protections built into our services and contracts. We take the security, privacy and protection of data very seriously. When you use the Genovo application you provide information on your clients which needs to stay private and confidential. This is why we take firm, proactive steps to ensure the information that we process for you is kept safe, secure and locked away.
We encrypt all of your and your clients’ personal information using state-of-the-art encryption algorithms to protect against a breach of your or your clients’ personal data held within the Genovo application.
Everyone on the Genovo team has entered into a confidentiality agreement, meaning they are committed to keeping all personal data safe and secure. Always.
Our Data Protection Policy contains further information about our commitment to protecting personal data in accordance with the UK GDPR requirements. This is available on request.
Last updated: 10 March 2023