
GDPR compliant software does not exist

GDPR is approaching, prowling behind us, waiting. On May 25, 2018, it’ll pounce. Despite this looming deadline, 52% of companies still don’t feel ready, expecting to be fined for non-compliance.

The compliance struggle is exacerbated by misunderstandings about how software solutions fit into GDPR regulations. Many businesses mistakenly believe that they have (or offer) GDPR compliant software. Sadly, GDPR compliant software just isn’t possible – it doesn’t exist. Howard Williams, marketing director at software development specialist Parker Software, explains.

Jargon, claims, and confusion

By now, most businesses are well-versed on the basics of GDPR. So, we all know that as of 25 May, any organisation that does business with an EU citizen must abide by GDPR. We’re also clear on the fact that any data a business collects that falls under the category of ‘personally identifiable information’ (PII) is subject to the new regulations.

Beyond the basics, however, is a grey area that is causing some companies to panic. As they scramble to ensure compliance by the deadline, it’s natural to look for quick solutions and easy fixes. This is where jargon and claims become rife. You might have seen adverts that make the hot claim of ‘GDPR compliant software’. Without mincing words: this is a lie. Don’t fall for it.

The root of the muddle

Software solutions used to handle PII data are required to follow the principles of Security by Design (SbD) and Privacy by Design (PbD) under GDPR. However, assurances that these principles are being followed are leading to the more general claim of ‘GDPR compliant software’. This is where the confusion is likely to have first arisen. Unfortunately, following SbD and PbD doesn’t make for a GDPR compliant solution. A piece of software, in and of itself, cannot be compliant.

The new regulations also place requirements on both ‘data controllers’ and ‘data processors’. This has added to the misunderstanding about compliant software, as many SaaS companies process the data controlled by their customers. The requirements on data processors mean that these companies must also be GDPR compliant – and when they believe they are, they mistakenly claim that they have GDPR compliant software.

Delivering a foundation

Therein lies the crux of the problem: it’s the company that needs to be GDPR compliant, not the software or tools they use. So unfortunately, you can’t just install a software product, press go, and magically become GDPR compliant. All is lost. Some software products (those that do follow SbD and PbD, for example) might be easier to use in a compliant way. The software is not a compliant entity itself. To reiterate, that job falls on the companies and the correct use of the software. It can, however, make compliance less of a hurdle.

There just is no such thing as GDPR compliant software. Basically, the software products that you use can only provide you with a foundation that will help you achieve GDPR compliance. Ultimately, it’s up to how you use the software, it’s up to you to understand the types of data the software collects, and it’s up to you to handle PII correctly. Think of it this way: a gun is not evil or unlawful, but the incorrect use of it is. It’s the same with software and GDPR compliance.

Be ready for GDPR

If you aren’t compliant by the deadline, your company could face penalties as high as €20 million or 4% of your annual global income (whichever is higher). But by knowing the right questions to ask, you can give your company the best chance of being fully compliant with GDPR by the deadline.

So, don’t get caught out by confused or misleading claims of this fictional ‘GDPR compliant software’. When implementing software products, ask whether they will be able to support GDPR compliance, not whether they are compliant themselves. There might not be any quick fixes, but there’s still time to get ready for GDPR, and still software that can integrate well with the new regulations.
