The General Data Protection Regulation (or GDPR) has replaced the Data Protection Act 1998 and now applies to all businesses that use or store data.
The new Regulation updates Data Protection rules for the 21st century, in line with the ongoing move to cloud-based services and service providers. It is intended to ensure that all parties with access to Personal Data (information that can be matched to an individual, usually because it includes Personal Identifying Information (PII)) act responsibly and in the service and interest of the persons who are the Data Subjects.
What does it mean for PropCo Clients?
PropCo Clients are Data Controllers. You decide what information you take from your customers, contractors, employees, etc. and record it into PropCo, and you decide what you want to do with that information. PropCo primarily processes Personal Data based on Contracts you hold with your customers, but it can also be configured by you to Process Data in other ways (e.g. via workflows, data feeds, or custom reports). For thisyou may need to rely on an alternative Legal Basis for Processing.
PropCo already contains options to allow you to check and record Consent for additional Data Processing activities you may want to set up, and we are enhancing this with our next release. We will be working with you to ensure your Legal Basis for Data Processing is correctly documented so that you and we can fulfil our mutual obligations under the GDPR.
Areas of consideration for Data Controllers are:
- Legal Basis for Processing (e.g. Contract, Consent)
- Customer Access
- Protection
Our plans as a Data Processor
The regulations state that data protection protocols must be built into any system that processes personal data.
PropCo released an enhancement to the system (Release 20) to increase its conformity with the new regulations, ready for May 2018.
This update addresses the new responsibilities we have as the Data Processor while also introducing functionality designed to help you manage your own obligations. This includes the ability to maintain GDPR-compliant records of consent for specific data processing activities and to respond to data subject requests from your customers or contractors.
Have any questions?
We want to hear from you to make sure that your particular question or request is catered for where possible. If you have any specific requirements due to the nature of your business operations, or simply to discuss the obligations in more detail, please contact us at sales@propco.co.uk.
