February 9, 2018

GDPR and Researchfish – 20 Million Reasons to Take Notice

“People have never been so aware of what their personal data is, and never cared so much about how it is used. The law is changing to reflect that,” Christopher Graham, The Information Commissioner

After four years in the making and a two-year transition period, the EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. It affects any organisation that collects and uses personal data – Researchfish being one of many.

20 Million Reasons to Take Notice

Speaking back in 2016, the Information Commissioner Christopher Graham outlined why organisations have to comply with data protection (20 million euro fines being the number one concern, as well as brand damage and breach of trust):

“The EU data protection reforms promise to be the biggest shake up for consumers’ data protection rights for three decades. Organisations simply cannot afford to fall behind. We know data protection officers understand this, and we know they sometimes find their views ignored in the boardroom. The new law gives directors 20 million reasons to start listening.”

At the same time, the ICO published guidance that outlined how, although many of the new GDPR’s concepts and principles were the same, new developments mean that organisations that collect personal data will have to do some things differently.

What will Researchfish be doing differently as a result of the forthcoming GDPR?

As we have always taken every step to ensure that your data is safe and have complied with all data protection legislation, the only differences are purely housekeeping. Upon logging into the Researchfish Impact & Evaluation Hub you will be presented with the updated Terms and Conditions, which state what data is collected, how it is used and who can access it, plus an updated privacy and cookie policy. Both of these documents are available in the footer of every page within the platform.

In addition, we have recently been recommended for ISO 27001 Certification (a standard that provides a model for keeping data safe), and our systems are rigorously tested annually by third-party, professional penetration testers.

We have many lines of defence against unauthorised access to the platform and we, like many Software as a Service providers, are subject to ‘bot’ attacks on a daily basis. We routinely test for potential points of weakness and keep the platform up to date with the latest patches. One can never say never, but rest assured we always have kept, and always will continue to keep, your data as safe as possible, irrespective of legislation (with which, by definition, we are fully compliant).