The development and introduction of new technology have been among the key drivers for the GDPR and data protection regulations.

New software and technology mean large quantities of personal data can be processed, transferred and shared quickly and easily. Artificial Intelligence (AI) and automated profiling allow much greater characterisation and segmentation of individuals and enable better targeting and more informed decision making.

The GDPR helps ensure tech and software organisations respect and protect individual data. To achieve compliance, special consideration must be given to defining the purpose the data is used for, understanding and mapping all data flows from the outset, managing data transfer with third parties and across borders, and clearly and transparently defining how individuals’ data is used.

This page explains what data protection legislation means for software & technology organisations and the key areas they need to consider when managing personal data.

WHAT DOES THE LEGISLATION MEAN FOR SOFTWARE & TECHNOLOGY ORGANISATIONS?

Like all other organisations, software & technology organisations must:

Be transparent in the way they process personal data and accountable for doing so

Be able to detect, manage, report and respond to data breaches including, if necessary, liaising with the Information Commissioner’s Office (ICO)

Understand the data they have, where it is stored and who has access to it

Implement robust processes and procedures to protect personal data

Allow users, data subjects and staff to:

  • Access the data stored on them
  • Ensure it is correct and modify it as necessary
  • Have it deleted (unless needed for legitimate reasons)

Appoint a designated data protection officer if they:

  • Are a public body
  • Process data on a large scale
  • Use the data for profiling or automated decision making

IMPORTANT DATA PROTECTION CONSIDERATIONS FOR SOFTWARE & TECHNOLOGY ORGANISATIONS

Software & technology organisations must protect personal data across a wide range of their operations. Some major considerations include:

Mapping data flows

  • Clearly defining the purpose that the data is used for
  • Limiting the use solely to the purpose
  • Managing consent
  • Transparently explaining how the data is used to all users
  • Adopting privacy by design principles

Sharing data with others

  • Transfers with 3rd parties
  • Data transfers outside the EU
  • Data processing and data sharing agreements

Handling large quantities of data

  • Appointing a designated DPO
  • Profiling and automated decision making

Data security

  • Maintaining network and server security
  • Data encryption

Administration

  • Email systems
  • Staff payroll, pension and HR records
  • Visitors’ book, access and CCTV

Identifying Personal Identifiable Information

  • IP addresses
  • GPS Data
  • Cookies and tracking pixels

Policies and agreements

  • Privacy, retention and data protection policies
  • Staff handbooks
  • Data sharing agreements
  • Data processing agreements
