From the 18th of May 2018 all countries in the European Union had to abide by the new General Data Protection Regulation (GDPR). It was approved by the European Parliament and Council and replaced the Data Protection Directive 95/46/EC. The regulation applies to everyone from small businesses to large enterprises and can result in steep fines for companies that are not compliant.
Union Wide Uniformity
The purpose of the GDPR is to ensure uniform data protection law across all EU member states. Countries no longer have to write their own laws, and the same rules apply across the union. To read the full document, see https://gdpr-info.eu/
The regulation was brought in to protect people’s personal data when they are online. The GDPR covers any data collected about someone that could be used to identify them. This could include:
- Social Media Posts
- Email Addresses
- IP Addresses
- Personal Medical Information
- Phone Numbers
- Date of Birth
- Bank Details
- Passport Number
Any data that could be used to identify an individual, whether a single piece, like a name, or many small pieces that add up to identify a person, needs to be safeguarded.
There are seven principles of GDPR, which are laid out in Article 5: ¹
- Lawfulness, Fairness and Transparency
- Integrity and Confidentiality (Security)
The only principle that was not included in previous regulations is ‘accountability’. This means companies need to prove they are compliant with the regulation, document how their data is protected, and show that only people who need access to information can access it.
As the UK is leaving the European Union, it has introduced the UK GDPR to work alongside the Data Protection Act 2018 (DPA). The UK GDPR maintains the data protection standards of the GDPR and the same extraterritorial scope. Therefore, companies based outside the EEA that process UK residents’ data for the purposes of providing goods or services will have to comply with the standards set out in the UK GDPR. Any necessary decisions on the GDPR previously made by the European Commission will be transferred to the Secretary of State and/or the Information Commissioner. ²
Trust and Compliance
It is important that companies and individuals feel confident sharing their data with other businesses. Businesses need to demonstrate that they are following the laws as they are set out and are GDPR compliant.
One area that requires people to share a lot of personal information is lone worker systems. Because the system needs a worker’s name, phone number and location in case of an emergency, companies need to know that this data is being stored securely.
Ok Alone uses personal data in line with GDPR Article 5, point (b): ‘Personal data shall be: collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);’ ³
Storage and Security
The servers used by Ok Alone are located in Canada and are subject to PIPEDA (Personal Information Protection and Electronic Documents Act). This ensures all data received from customers is kept securely. Ok Alone encrypts its data and uses firewall protection to make sure all information on record is secure. Ok Alone does not share any data or information with other companies.
Ok Alone takes data privacy very seriously, making sure internal access to customers’ personal data is on a need-to-know basis. All users with access to personal data have individual logins, and standard industry security practices are maintained.
Ok Alone customers also have a great deal of control over which people internally can see personal data. There are three levels of user access rights for Monitors, each of which grants different access to personal data. Workers do not have access to personal data, and all interaction between Workers and the system occurs through an encrypted connection with the app. Combined, this ensures people’s data stays private.
3 – https://gdpr-info.eu/art-5-gdpr/