SteadyHOPS and the GDPR
Published: October 14, 2018
Last Updated: September 23, 2020
The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) are complex, in-depth, complementary legal documents which act as a code of conduct for businesses involved in the processing of personal data. Henceforth these regulations will be referred to as the GDPR. There are many aspects of compliance with these regulations, and the best place to keep up to date and understand them is the Information Commissioner’s Office’s (ICO) Guide to the General Data Protection Regulation. This article highlights the aspects of compliance that SteadyHOPS supports.
The GDPR outlines several underlying principles that guide both the regulation(s) and your compliance with them. They are:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality (security)
Compliance with some of these principles must be achieved through organizational, technical, and procedural elements that together form a privacy-by-design approach. SteadyHOPS is a commercial solution that assists with compliance with certain aspects of the GDPR and most notably applies to the accountability principle.
The accountability principle states that organizations must take responsibility for their role in protecting the personal data of citizens and for compliance with the regulations. It is the organization’s responsibility to put appropriate measures in place and to maintain records of compliance. SteadyHOPS serves as the main touch point when corresponding with citizens regarding their personal data and its processing, and it keeps records of the in-system interactions you make when fulfilling requests from citizens as part of complying with the regulation. In short, it can help you demonstrate your compliance with the accountability principle in the event of a reported privacy concern and a subsequent investigation.
SteadyHOPS Data Subject Request Portal
The GDPR grants certain rights to citizens regarding their personal data. Some of these rights include the right to make certain requests of a data processor, with which the processor must comply. These include:
- Right of Access Requests
- Right to Rectification Requests
- Right to Erasure Requests
- Right to Restrict Processing Requests
- Right to Data Portability Requests
- Right to Object Requests
- Right to Challenge Automated Decision Making or Profiling
Your organization should develop an internal process for handling each of these request types and ensure it is documented. Documenting compliance is a key aspect of the GDPR, and we will be covering each of these request types in depth in future articles. A request must be fulfilled, or a notification of additional processing time sent to the requester, within 30 days of the initial request. SteadyHOPS provides an online electronic touch point for citizens to interact with your organization regarding these requests. This ensures that a request is captured in writing, and the system lets you document how the request was fulfilled and the timeline for fulfillment. A data privacy request portal is a good way to show that your organization has invested in compliance with the regulation, and it provides a means to demonstrate accountability and transparency. For more information, take a look at our product page.