Steps to make your application GDPR compliant
Posted By Waqif Ali Nasir | 26-Jul-2018
The introduction of GDPR in the EU has changed the way many people used to see personal data. As human beings we have become more concerned about how our personal data is used by the organisations we share it with. With the rise of machine learning and AI, it is now even scarier to think about how our personal data can be used in the wrong ways.
GDPR has affected not only European citizens but people all around the globe.
We are now more protective of our personal data.
With the introduction of GDPR, ordinary people will have total control over their personal data.
Below are simple ways to make your application or software GDPR compliant.
1. Check and analyse what kind of data you store. Do you store any personal data or any kind of sensitive data? Analyse what data is really needed, and try to minimise the need to store personal data.
2. Obtain proper consent from the data subjects, and in the right manner. Gone are the days when we could use anyone's personal data without their consent. Under the new law we must obtain proper consent from the subject.
3. Be very specific about the 3rd parties who will be using your data and for what purpose. Clearly define yourself as a Data Controller or a Data Processor. If you are only storing the data, then you are a Data Controller. If you are processing the data for a 3rd party, then you will be responsible as a Data Processor.
4. Clearly define your IT systems and your work processes. IT systems are the systems used to store personal data; they can be anything from a file cabinet to an internal server. You also need to clearly define the work processes that will use the personal data.
5. The agreement between the data subjects and the organisation should clearly define how, when and why the data subject's personal data is being used. It should clearly state the purpose for which the data is stored.
6. Organisations should meet the rights of the Data Subject. For example, data subjects can withdraw their consent at any time, ask for their data to be deleted, ask what personal data is being stored about them, request data portability, etc.