GDPR has hit the headlines recently with two massive fines for data breaches. Firstly, the UK’s data watchdog announced plans to fine British Airways a record £183 million over last year’s data breach, which affected about 380,000 customers’ data. And secondly, the Information Commissioner’s Office announced the international hotel group Marriott were being fined almost £100m after hackers stole the records of 339 million guests.
Following these data security failures, the Amdaris office hosted a breakfast event with talks from Ed Boal from Stephenson Law on data protection and why it needs to be part of the design process, and our own Sarah Smyth, Group Accountant, on how we implement data protection into our own process here at Amdaris.
Ed Boal shared some top thoughts for developers to consider when making data protection part of their design process, not an afterthought:
- Data Minimisation – Think about the personal data you require, don’t collect what you don’t need.
- Data protection impact assessment – What are the risks associated with the data you are processing, what can you do to mitigate them?
- Data retention – Consider how long you want to keep personal data, document your reasons.
- Data subject requests – Think about how you will fulfill requests for people’s data, make retrieving personal data easy.
- Data deletion – Decide how long you will keep data for, then enforce it. Automated deletion makes life easier.
- Transparency – Be clear about why you need personal information, make sure you have a privacy note.
- Consent – If you want to use personal data for direct marketing, make sure you get consent.
- Supplier agreements – If your suppliers process personal data, get agreements in place to cover Article 28 provisions.
- Third-party services – Review any data collected by third-party APIs and plugins, you may need user consent.
- Security – Consider how secure your digital product is, the standard is higher if you collect sensitive information.
If you managed to come along to our breakfast event, we’re sure you enjoyed the talks nearly as much as the coffee and bacon rolls. Keep an eye out for events coming up through LinkedIn or drop us an email at marketing@amdaris.com if you’d like to attend or even speak.