SteadyHOPS and the GDPR


    The General Data Protection Regulation (GDPR) and Data Protection Act of 2018 (DPA) are complex, in-depth, complementary legal documents that act as a code of conduct for businesses involved in the processing of personal data. Henceforth these regulations will be referred to as the GDPR. There are many aspects of compliance with these regulations, and the best place to keep up to date and understand them is the Information Commissioner’s Office’s (ICO) Guide to General Data Protection Regulation. This article highlights the aspects of compliance that SteadyHOPS provides.

    Accountability Principle

    The GDPR outlines several underlying principles that guide both the regulation(s) and your compliance with them. They are:

    • Lawfulness, fairness, and transparency
    • Purpose limitation
    • Data minimization
    • Accuracy
    • Storage limitation
    • Integrity and confidentiality (security)
    • Accountability

    Compliance with some of these principles must be covered through organizational, technical, and procedural elements that all come together to form a privacy by design approach. SteadyHOPS is a commercial solution that assists with compliance with certain aspects of the GDPR and most notably applies to the accountability principle.

    The accountability principle states that organizations must take accountability for their role in protecting the personal data of citizens and for compliance with the regulations. It is the organization's responsibility to put in place the appropriate measures and maintain records of compliance. SteadyHOPS serves as the main touch point when corresponding with citizens regarding their personal data and its processing, and it keeps a record of the in-system interactions you make when complying with the regulation and fulfilling various requests from citizens. In short, it can help you demonstrate your compliance with the accountability principle in the event of a reported privacy concern and subsequent investigation.

    SteadyHOPS Data Subject Request Portal

    The GDPR grants certain rights to citizens regarding their personal data. Some of these rights include the right to make certain requests of a data processor, with which the processor must comply. These include:

    Your organization should develop a process for handling each of the request types internally and ensure it’s documented. Documenting compliance is a key aspect of GDPR, and we will be covering each of these request types in depth in future articles. Requests must be fulfilled, or a notification of additional processing time must be sent to the requester within 30 days of the initial request. SteadyHOPS can provide an online electronic touch point for citizens to interact with your organization regarding these requests. This ensures a request is captured in writing, and the system allows you to seamlessly document the way the request was complied with and the timeline for fulfillment. A data privacy request portal is a great way to show that your organization has invested in compliance with the regulation and provides a means to demonstrate accountability and transparency in your organization. For more information, take a look at our product page.


    Hunter Nelson

    Hunter is the founder and president of Tortoise and Hare Software, a digital marketing agency for B2B technology companies. Hunter has more than 10 years’ experience building web applications and crafting digital strategies for companies ranging from scrappy startups to Fortune 50 household names. When not on the clock, you'll find him spending time with his family and pups, relaxing on the beach, or playing competitive online video games. See LinkedIn for more.
