By now you’ve probably heard a lot about GDPR, but have you thought about how it will affect the software you use?
GDPR is one of the single biggest changes to the business landscape in recent years and it’s had many businesses in a twist – including software providers such as sales platforms, email marketing platforms, and any software you keep business data in – probably because it’s hard to imagine a type of business that isn’t going to be affected by it in some form.
Software providers have an even greater obligation under GDPR because, as with marketers and data analysts, the GDPR also affects the very products and services we provide to you as customers – not just the way we do business ourselves. It’s therefore in our best interest to be transparent and forward-thinking about how we’re going to help you manage your obligations under GDPR with our software products and services.
Whether we realise it or not, we buy and use software products produced all over the world – often at the simple click of a button. GDPR is an EU directive – although this doesn’t mean it will go away after Brexit, as the UK has already signed it into British law.
Ultimately, you are responsible for how you manage, process and store personal information under GDPR. The key here is knowing what your obligations are and checking that the software solutions you use, or choose to buy going forward, will help you meet them. The far riskier approach is to assume your software will have you covered when you need it – which could leave you liable for hefty action and fines if anything goes wrong with the software you use.
Why GDPR matters for your software
Good software packages are probably some of the most valuable tools in any business’s kit of tricks – including yours. From customer relationship management (CRM) systems to accounting packages, productivity apps to full-scale enterprise resource planning (ERP) systems, in your business you will likely have a number of software systems that you rely on to deliver your services effectively.
Equally, most of the software you use will have at least some form of personal data in it.
Under GDPR, personal data means any information that can be used to identify a living person – including obvious pieces of data such as names, addresses, contact details, but also more specific data such as photographs, biometric information and voice recordings.
Understanding what kinds of personal information you process and how you store it are only the first steps to getting your business GDPR ready. Thereafter, most best practice guidelines will suggest putting policies and procedures in place to help you manage your relevant obligations under GDPR going forward.
Naturally then, your policies and procedures should also cover how you manage personal information in electronic or digital forms – basically, in software or databases – as well as your paper records.
In a specific sense, this is important for demonstrating how your business meets the GDPR’s explicit requirement for ‘data protection by design and by default’.
In essence, this requirement means that protecting personal data must be at the centre of your considerations where your business undertakes any activity that includes the processing of personal information – including which software you choose to use for doing so.
What we’re going to cover in our blog series
Over the next five blogs, we’re going to cover some of the things you should expect from the current software you use in your business, as well as things to think about for any new software you purchase going forward with GDPR in place.
We’ll be thinking about how software can help you (or not help you) to manage your new obligations under GDPR – including managing subject access requests, cloud services, the right to be forgotten and more.
You’ll pick up helpful tips and things to think about when looking at how you use your current software, as well as what to ask potential vendors when looking at buying new software.