The development and introduction of new technology have been among the key drivers for the GDPR and data protection regulations.
New software and technology mean large quantities of personal data can be processed, transferred and shared quickly and easily. Artificial Intelligence (AI) and automated profiling allow much greater characterisation and segmentation of individuals and enable better targeting and more informed decision making.
The GDPR helps ensure tech and software organisations respect and protect individuals' data. To achieve compliance, special consideration must be given to defining the purpose the data is used for, understanding and mapping all data flows from the outset, managing data transfers with third parties and across borders, and clearly and transparently defining how the organisation uses individuals’ data.
This page explains what data protection legislation means for software & technology organisations and the key areas they need to consider when managing personal data.
WHAT DOES THE LEGISLATION MEAN FOR SOFTWARE & TECHNOLOGY ORGANISATIONS?
Like all other organisations, software & technology organisations must:
- Access the data stored on them
- Ensure it is correct and modify it as necessary
- Have it deleted (unless needed for legitimate reasons)
- Are a public body
- Process data on a large scale
- Use the data for profiling or automated decision making
IMPORTANT DATA PROTECTION CONSIDERATIONS FOR SOFTWARE & TECHNOLOGY ORGANISATIONS
Software & Technology organisations must protect personal data in a wide range of their operations. Some major considerations include:
Mapping data flows
- Clearly defining the purpose that the data is used for
- Limiting the use solely to the purpose
- Managing consent
- Transparently explaining how the data is used to all users
- Adopting privacy by design principles
Sharing data with others
- Transfers with 3rd parties
- Data transfers outside the EU
- Data processing and data sharing agreements
Handling large quantities of data
- Appointing a designated DPO
- Profiling and automated decision making
- Maintaining network and server security
- Data encryption
- Email systems
- Staff payroll, pension and HR records
- Visitors’ book, access and CCTV
Identifying Personally Identifiable Information
- IP addresses
- GPS Data
- Cookies and tracking pixels
Policies and agreements
- Privacy, retention and data protection policies
- Staff handbooks
- Data sharing agreements
- Data processing agreements