HOW WE CAN HELP
Microsoft delivers GDPR-compliant cloud data storage.
What is the GDPR?
The GDPR is EU legislation (fully effective in the UK despite Brexit) which, together with the Data Protection Act 2018, governs how data is gathered and used, specifically in light of modern technological changes. It gives a far more detailed definition of personal data than previous legislation and introduces significant new requirements, particularly relating to children’s data and the rights of individuals.
What does it mean for me?
Organisations need to give serious consideration to the data they store and their reasons for storing it, and have a clear plan for the retention, update and deletion of records. A breach of the regulations can come with a fine of up to €20m or 4% of your global turnover, whichever is higher.
Key areas to consider include
- Lawfulness of processing
- Individuals’ rights
- Accountability & governance
- Breach notification
- Transfer of Data
- Privacy by Design
How can we help?
Data storage & processing
One of the key things all organisations require to ensure compliance is a quality CRM system to securely store and manage data.
Breach Notification / Data Portability
Data is stored so that it can be easily exported in a variety of formats, within the timescales needed to comply with data protection requirements.
Help ensure compliance through
- Unique user IDs and log-ons to access the system
- Ability to force re-authentication and/or auto log-off
- Security roles to limit access to specific data
- Daily backups to prevent accidental loss of data
- Audit history logging
- Database level encryption
- Secure cloud data storage removing the need for vulnerable on-premise servers and back-up tapes
- Ability to extract statistical data without the personal data
- Activity scheduling to prompt review/deletion of data
In particular, in relation to individuals’ rights
- Contact records that can be easily updated and deleted
- Universal search by keyword for ease of updating/deletion
- Ability to flag individual records to prevent processing
- Marketing permission fields to limit methods of contact
- Consent records stored against a contact
- Portal access to allow individuals to update personal data and marketing permissions