Are your IT systems GDPR compliant?

New GDPR legislation - in force from 25th May 2018 - is clear about an organisation's need to handle personal data responsibly: only holding what's required, and limiting who can access it and what it is used for.

By Mark Hope, managing director, StoneHouse Logic

Those that don't comply face both substantial fines and reputational damage, so it's important that you can trust the systems holding any data about your customers, prospects and employees.

It's essential that your systems restrict access to the information they hold, granting permission only to authorised individuals. Many software producers have also updated their products to support GDPR compliance, but no product makes an organisation compliant on its own: that depends on how the data is actually collected, used and retained.

We recommend the Sage line of products, particularly Sage 200, an enterprise resource planning system that helps SMEs manage the full range of business functions, including inventory, accounts and CRM.

But while this (and software like it) is a very valuable tool for collecting and analysing data, it's only as effective as the people using it. GDPR requires you to delete personal data that is no longer needed for the purpose it was collected for, and that responsibility is yours, not the software's. (We have published a guide to doing this in Sage - contact me for a free copy.)

Another important factor is the security of your customers' credit card and payment details. We don't recommend handling credit card details yourself: use a payment provider so that card numbers never enter your own systems. SagePay, for example, integrates with Sage 200 and takes on the encryption and secure handling of card data on your behalf. It's also important to note that outsourcing data processing doesn't relieve you of any responsibility - under GDPR you remain the data controller, so it's up to you to ask questions of any third party handling information on your behalf: what they hold, where it is stored, for how long, who can access it, and whether a written contract covers all of that.