General Data Protection Regulation (GDPR) is something that applies to everyone, including businesses. Delta 74 Private Investigations understands that following the GDPR principles is absolutely paramount, which is why we have put together a guide that outlines everything you need to know about General Data Protection Regulation.
Businesses have to follow strict rules regarding the handling of sensitive and personal information, and in order to make sure this continues to happen, there need to be robust processes in place that all employees need to follow.
GDPR is specifically designed to protect individuals from being approached or contacted by third parties without permission. If the rules and guidelines of GDPR are not followed, then legal action can be taken and your company could face considerable fines.
GDPR is far more effective than its predecessor, the Data Protection Act (1998). It has brought in a whole wave of brand new rules and regulations that businesses need to learn and adhere to. The thing to note, however, is that there are some new guidelines in place that you might not be aware of.
For example, ‘personal data’ includes a far wider range of information, including names, telephone numbers, addresses, registration plates and even people’s faces appearing in photographs without permission, but privacy when it comes to photography comes with its own set of rules.
In addition to that, data processors are also required to comply with GDPR, although they weren’t required to follow the rules of the Data Protection Act (1998). Businesses residing outside of the EU will also have to adhere to GDPR rules if they’re offering goods and/or services to the EU, although this could change with the implementation of Brexit.
Consent from individuals must be obtained specifically and explicitly by way of ensuring the individual ticks ‘opt in’ and ‘opt out’ boxes, for example. There is also a new ‘right to be forgotten’ rule that applies to GDPR but not to the Data Protection Act (1998). Not to mention, there are far tougher penalties if these rules are not obeyed.
There are six principles to GDPR that need to be followed to the letter in order to mitigate any legal action against you for breaching GDPR. Along with the following six principles, you need to think about accountability. Accountability isn’t a core principle, but it’s just as important as it underpins the six principles of GDPR, which are:
1. Fairness, lawfulness & transparency – you need to be honest, transparent and fair with the people who you’re taking personal information from and subsequently processing
2. Purpose limitation – you need to be completely open with those who you’re taking information from with regards to the purpose of that personal data
3. Data minimisation – you must only process the information you have been given if it’s absolutely necessary and needed to make a decision
4. Relevancy & accuracy – the personal data will need to be kept up to date and be as accurate as possible, where applicable, such as for medical records
5. Storage limitation – the personal data for an individual should only be kept for as long as is necessary
6. Integrity & confidentiality – the data you’re holding on someone needs to be kept safe and secure at all times
As private investigators, we collect personal data without the knowledge of our data subject. In the event of surveillance and people tracing, our subject’s data collection is passed to them post collection if they want it. If not, they are clearly made aware that we have collected their personal data. It is also only stored for as long as necessary and deleted as soon as possible.
The data subject/subject of our investigation is able to use their rights within GDPR to get full access to the data collected on them and to exercise their right to be forgotten, which has been implemented numerous times.
As private investigators, we must comply exactly with the six principles and be mindful of proportionality in relation to people’s expectation of privacy. Here, Human Rights Legislation also comes into effect where the public can expect privacy within their own home, for example, and the level of evidence to be collected is to be proportionate to the level of intrusion caused by covert surveillance.
What this means is that if someone is strongly believed to be committing serious crimes, we can act in order to gain evidence which would breach that expectation of privacy because without that expectation, they would not act in such a way. Domestic abuse would be the example in this instance where an abusive person would not commit abuse in the knowledge they were being recorded doing so.
For tracing people where personal data, including home addresses, email addresses and phone numbers, is collected, we MUST use post trace consent whereby when we find someone, we must ask them permission to disclose their details to our client.
GDPR applies to:
Delta 74 Private Investigations are pleased to be able to provide a wide range of discreet PI services in Derby and the surrounding areas. We will always handle your case in a highly sensitive and dignified manner, ensuring you’re provided with the answers you need. We’re able to offer background checks, cheating partner investigations, lie detector testing, people tracing and more. If you would like further information about how our professional, fully-trained private investigators can help you today, get in touch with a member of our team – we’re always pleased to hear from you.