28th August 2018
You may think that GDPR has gone quiet, but we know it’s still a topic that’s being researched due to the popularity of our blog post, ‘Is your SharePoint implementation GDPR compliant?’
So, we’ve put together an updated post that covers
We’ve put together a quick terminology run-through for you:
If your data contains information about people in the EU, then you need to comply. If you may store data about people in the EU, then it’s worth implementing the processes now to make the transition less stressful once you have the data.
The Information Commissioner’s Office breaks down handling the data into two categories – controllers and processors.
Your business will undoubtedly have gone through this process of identifying data stored and handled within the business earlier this year and found many sources of data that GDPR applies to.
From HR data with passport information and photos of employees, past and present, to technical support data for customers, and a CRM system for existing customers and prospects.
The ICO says that:
Personal data only includes information relating to natural persons who:
A combination of identifiers may be needed to identify an individual.
That’s easy. The customer using SharePoint owns the data.
Example: We’re responsible for our data stored on igroup’s SharePoint platform, but our customers are responsible for their data stored on their platforms we host. Microsoft and igroup are the custodians.
That means it’s the responsibility of your business to maintain the data you store in SharePoint.
The beauty of Office 365 and SharePoint working together is the integration between the platforms, so users can share, store and work on data together.
SharePoint is a flexible platform that enables your business to create and manage the processes required to stay GDPR compliant: storing the information, providing security around it and allowing collaboration to manage the data.
Your business will have put in place processes to handle your data earlier this year.
Probably in some form of a document containing all your sources of data, assessing the purpose of the data and the categories they relate to (reference Article 30), privacy notes such as reasons for keeping the data (reference Article 6 & 9) and consent with the method, date and proof, along with the many other areas that need to be covered.
But, if they haven’t already, they also must consider how they handle enquiries about the data.
To date, you may have received few or no requests, which has side-lined the urgency of recording those enquiries, but it’s something you should consider.
Traceability of each task you complete to achieve the required outcome, processing the data appropriately and as requested, is as important as carrying out the task.
There are other tools out there, such as CRM systems with service ticket modules, that you might consider, but they don’t offer the full flexibility that SharePoint does, such as collaboration on records and the ability to keep the entire process in one place, and implementing such a system will take time and money.
SharePoint allows you to classify your data with reference to your GDPR policy, and to ensure that your environment is secure, that the data is safeguarded and that access is kept to a minimum.
Did you know: If you comply with ISO 27001, the international information security standard, then you’ve covered off a good portion of GDPR preparation, but this does not ensure full compliance.
The answer to staying compliant is governance. Managing data requires rules and processes aligned with security settings.
Creating a risk register using SharePoint to document your continuing assessments will help answer future enquiries.
Look to record information about impact assessments and data breaches, retention policies, and requests for data.
Making a list of each potential interaction with the data and determining who will carry that out and who is responsible will enable governance to be carried out.
And don’t forget to document and share that information with all employees!
Currently, there’s no perfect solution. The ICO is still issuing continued advice and does anticipate an accredited system in the future.
But SharePoint goes a long way to enable your business to comply now, allowing you to capture all data and set up the workflows/processes you need to help you manage that data without paying out for an intermediate solution.
Our sales team are all technical Microsoft & Amazon specialists who have a background in Azure, AWS, SharePoint, development and Office 365. If you need advice and want to talk through your options, the team are on hand to provide free advice and next steps. Call 0203 697 0302.