Across the EU, the General Data Protection Regulation (GDPR) is just a few months from coming into force. It is set to change the way data can be collected, stored and used and will impact all businesses - bespoke software development companies are no different. If it’s an area you’ve not yet considered, we’ve identified the seven key terms that you should be assessing.
First up, what is GDPR and why is it something that matters to all businesses?
The GDPR is EU-wide regulation that will be coming into force on 25 May 2018, following a two-year transition period. It aims to strengthen and unify the regulations that relate to personal data.
The extensive regulation covers a variety of different areas, from how the data is collected to begin with to when it should be deleted. It extends to cover existing data too.
It’s a change that businesses need to be aware of, not least because of the potential sanctions they face should they fail to adhere to GDPR. While first-time offenders and those found to have non-intentional non-compliance will receive a written warning, the sanctions can reach up to €20 million or 4% of annual worldwide turnover.
Why does GDPR matter to software development companies?
Like all businesses operating in the digital era, software development companies are very likely to hold some form of personal data. If you’re a company that writes data-centric web or mobile applications, or if you are a business that holds customer data, GDPR will influence the way you should be operating.
With just weeks left until GDPR comes into effect, it’s time to assess your current procedures and how they will need to adapt.
Whether you’ve yet to consider the impacts of GDPR at all or you’re refining your changes, there are seven core areas that software development companies should be focussing on. With the right blueprint moving forward, you can be sure that you’re ticking all the GDPR compliance boxes before the deadline.
The protection of personal data is what underpins the GDPR. Assessing what personal information you collect and hold is the first step to understanding exactly how much the changes will affect your business operations.
The term personal data encompasses a huge selection of data that can either directly or indirectly lead to a person being identified. This means that data such as full name with address, phone number, email address, bank details, medical data, social networking websites, and computer IP address are all considered personal data. The majority of businesses hold at least some form of personal data.
Under the existing Data Protection Act (DPA), there are already rules relating to the data controller, the individuals that process personal data. The role of data controllers is going to be under even more scrutiny. To ensure that you’re GDPR compliant you need to consider who currently has access to the personal data that you store and whether it’s necessary. In some businesses, you may find that you’ll need to change data controller privileges or create a tiered system, where some employees can only access limited amounts of personal data.
Like data controllers, the role of data processors will also need to be assessed. Data processors are the third parties that you work with, such as
Get in touch. We’re an agile software consulting company with a focus on web and mobile application development that understands the rules of GDPR.