As of May 2018, the Data Protection Act will be replaced by the General Data Protection Regulation (GDPR). Because it is a regulation rather than a directive, it becomes part of the law, and it signals a required change in approach to how individuals access and control the data that is held on them.
In our role of Data Processor, Circle are working towards ISO 27001 to ensure compliance in everything we do. We will also be taking a pro-active approach to our clients' security and practices, helping them prepare for the new regulation.
GDPR support services to our clients
As part of the services we will provide to our clients, we'll be delivering a series of bulletins starting in early 2018. These will provide security advice and best practice that organisations might want to adopt, covering elements of CRM and website configuration as well as useful, general advice around security policies and processes. We’ll also be keeping you updated on the measures we’re adopting in-house.
For Circle’s hosted clients, we’ll be carrying out regular system audits, either annually or more frequently if required. These will look at things like regular reviews of roles/permissions, the processes you have in place around handling data received via online ‘sign-ups’, and the relevance of contacts receiving any direct mailings. If you would like more information, please contact us.
Work behind the scenes to make CiviCRM compliant
The CiviCRM community are producing a ‘GDPR communications extension’ that will introduce changes to the communication preferences, enabling individuals to better control their personal data as specified in GDPR guidelines and ensuring directives are met. The extension is expected to be completed by February 2018 – we’ll be applying this to all CiviCRM sites we host.