Cryoserver hosted an event in early November for our customers, whiched served both as a showcase for the release of our new Version 9, but also as a GDPR panel session. The event was hosted at global law firm DLA Piper’s London offices, and a European law expert from DLA Piper, James McGachie, joined Robin to answer some topical questions playing on the minds of our customers.
We broadly covered three main areas of the legislation: Personal Data, SARs and FOI requests, and the Right to be Forgotten.
“If the data you processed came under the jurisdiction of the DPA, then in all likelihood you will also be liable under GDPR. Therefore, if you are compliant with the DPA, you will also be compliant with the GDPR.”
“The GDPR presents a great opportunity to vet your data processing procedures. Look at old mailing lists, out-of-date company records…do you need to be keeping this data?”
SARs and FOI
“These requests can prove arduous to fulfil for most businesses. With the introduction of a 30-day deadline and scrapping of the £10 fee deterrent, companies need to be prepared to deal with higher volumes of these.”
“Requests can be refused if they are excessive or unfounded. Open a dialogue with the data subject to ensure they are specific and concise in their requests.”
Right to be Forgotten
“It can be difficult to determine just how much data you need to delete to satisfy this right. You can make a case to keep any records that also contain business-critical data, such as email correspondence”
“There’s no blanket policy for this regulation – you should address each request on a case-by-case basis, ensuring again that you communicate with the data subject to understand their requirements”