General Data Protection Regulation
General Data Protection Regulation (GDPR) applicable from 25 May 2018 replaced the Data Protection Acts 1998 and 2010 (DPA); most of the new changes focusing on Accountability & Transparency. As a ‘Data Processor’ under the DPA we are registered with the Information Commissioner (ICO) and have been since 2004 (reg. no. Z9774305) and therefore continue to ensure current DPA compliance.
You the end client, the ‘Data Controller’, will be aware certain obligations will fall upon you irrespective of how you are having your work processed. EZ Smart is here to assist you on your journey to achieving full compliance. We have gone the extra mile to ensure you are given extra peace of mind as we are proud to confirm in May 2019, we have been awarded the ISO 9001 & 27001 accreditation the industry standard for information governance.
What you should do as the Data Controller?
As Data controllers, you will have responsibilities to ensure correct processes are in place when holding personal data. Our designated Data Protection Officer (DPO) can assist you with any queries regarding compliance.
EZ Smart moves towards a Limited-Disclosure Policy
One of the most effective safeguards will always to promote the use of a Limited-Disclosure Policy (LDP) when sending audio to EZ Smart. Although our processes will continue to be robust and fully compliant with GDPR, we would recommend and encourage the use of Unique Reference Numbers (UNR) on data Subjects/individuals. This will ensure the data sent out is generic and cannot be attributed directly to any individual.
The ICO has confirmed that “Anonymous data can be freely transferred without complying with the DPA rules on international data transfers. And under the GDPR, as long as the data is anonymised so that it fails the definition of ‘personal data’ (i.e.. it cannot be used to identify an individual person), the same applies.” – There are several processes you can adopt to anonymize data with minimal changes to your current systems.