FAQs: GDPR and MAM Software
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. The law comes into effect on 25 May 2018 and places greater obligations on how you handle personal data. Non-compliance with GDPR may result in a heavy fine.
What does the GDPR mean for my business?
Regardless of your company's size, you will have to comply with new regulations regarding the secure collection, storage and usage of personal data. If you hold and process personal information about your customers, employees or suppliers, you are legally obliged to protect that information.
What is personal data?
Personal data is one or more elements of data that can be used to identify a living person. For example, Name, address, email, telephone number. Please refer to the official definition located on the ICO website.
What do I have to do for GDPR?
The GDPR is wide-ranging and will require the adoption of data-management policies throughout your business. To comply with the GDPR you must meet a number of requirements. These include:
- Only collect information that you need for a specific purpose
- Keep it secure
- Ensure it is relevant and up to date
- Grant rights to the subject of information, including:
- Allow the subject access to the information on request
- Comply with a subject's 'right to be forgotten' and erase personal data upon request
- Only hold as much data as you need, and only for as long as you need it
- Remove personal data where there is no compelling reason for its continued processing
- Seek consent to store the information you hold
If you want more help and guidance on the GDPR, you can find valuable resources at the Information Commissioner's Office (ICO) website.
Who is responsible for GDPR compliance?
The GDPR applies to 'controllers' and 'processors'. If you collect personal data, you are a controller. If you store this information on an MAM cloud solution, then MAM Software is a processor.
As a data controller, you will have the primary responsibility for ensuring that processing activities are compliant with the law. As a data processor, MAM Software's role is limited to the more 'technical' aspects of the GDPR, such as data storage, retrieval or erasure.
Can MAM help me with my GDPR compliance?
You might think that the GDPR is an IT issue, but most aspects have nothing to do with software. GDPR compliance cannot be met with just software tools or updates, it will require changes at an organisational level.
If you use an MAM cloud solution, we have an obligation to maintain the confidentiality, integrity and availability of the information we hold for you. We are already ISO/IEC 27001:2013 certified for information security management, as are our hosting partners. We are currently updating our policies and contracts to meet GDPR requirements and reflect our data privacy and security commitments to you. We will be issuing addendums to your contract agreement to include certain terms and information required by the regulations.
To support your efforts to comply with the GDPR requirements, we will also be introducing two new services to remove customers' data from your system. Our right to be forgotten and data purging services will delete and mask personal data to ensure the required information is removed from your system.
Both services can be requested through our normal support channels*. As the data controller, you will be required to determine which contacts are to be removed. Please be aware that some information may need to be retained for tax or legal purposes.
Where can I get assistance?
If you require help achieving GDPR compliance, we have partnered with qualified GDPR Practitioners, Agenci Ltd. They provide a range of data and data protection services including GDPR planning and delivery, ISO 27001 certification and cyber security support.
*Current software and supported users only. Current software is limited to Autopart v20, Autopart v30, Autopart Online, Trader, Trader Online and Autowork Online.
This content is provided for informational purposes only and should not be viewed as legal advice or relied upon to achieve GDPR compliance. We strongly recommend that you engage with a qualified professional to discuss your individual circumstances and provide specific advice on how to achieve GDPR compliance for your organisation.