What is General Data Protection Regulation?

General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

GDPR applies to ‘controllers’ and ‘processors’.

GDPR does not apply to certain activities covered by the Law Enforcement Directive.

Who is covered by GDPR?

As long as a company has clients from the UK and is processing data gathered from UK individuals, it is obliged to follow GDPR even if it is not located in the UK.

This makes them responsible for an information breach. All processors are required to maintain records of personal data and processing activities.

HOW TO COMPLY WITH GENERAL DATA PROTECTION REGULATION?
These are the things to remember in order to comply with GDPR:

  1. Always follow our policies.
    • Office Policy
    • IT Policy
    • Employee Handbook
  2. Do not bring your own device inside the office if you are not authorized.
  3. Operate and hold information under strict confidentiality, especially if you are processing personal information.
  4. Do not leave any papers or writing instruments at your desk at the end of your shift.
  5. Wear your IDs at all times.
  6. Double-check the recipient of your email to avoid a data breach. Sending a confidential email, such as one containing personal information, is classified as a data breach.
  7. Do not share your password.
  8. Do not use/install/download illegal copies of software.
  9. Do not access/process/destroy information without proper authorization.
  10. Protect your document (see instructions below).

HOW DO I PASSWORD PROTECT A DOCUMENT?
You can protect a document by using a password to help prevent unauthorized access. The following guidance is for an MS Windows 7 device using MS Office 2010 or a newer version.

  1. Click the File tab.
  2. Click Info.
  3. Click Protect Document, and then click Encrypt with Password.
  4. In the Encrypt Document dialogue box, type the password then click OK.
  5. In the Confirm Password dialogue box, type the password again then click OK.

Passwords are case-sensitive. Make sure that the CAPS LOCK key is turned off when you enter a password for the first time. Remember, if you lose or forget the password, there is no way to recover it.

HOW TO ACQUIRE PROPER AUTHORIZATION?
There are many ways to acquire proper authorization.

If it is related to the destruction of data, ask your supervisor and compliance officer in order to prepare the certificate of destruction. Destruction of information needs to be reviewed by management in order to avoid legal liabilities.

If processing personal information is directly related to your work, then all you have to do is to operate under strict confidentiality and maintain privacy.

If you are planning to access information, ask your supervisor and state the purpose.

Take note that whichever you plan on doing, it is best to have proper documentation.

WHAT SHOULD YOU DO WHEN YOU LOSE YOUR ID?
Inform your supervisor and HR to get information on how to get a new one.

WHAT TO DO IF YOU SENT AN EMAIL CONTAINING DATA TO AN UNINTENDED RECIPIENT?
Recall the email as fast as you can.

After recalling, inform our Data Breach Response Team/IT Department so they can conduct an initial assessment.

Wait for the next instruction from the Data Protection Officer or Compliance Officer for Privacy.