GDPR and the Board

What it means, and how to make your reporting process compliant

What’s GDPR and does it concern me?

The General Data Protection Regulation is a new regulation, enforceable from 25 May 2018, which strengthens data protection for individuals within the European Union. Most importantly, GDPR doesn’t just concern European organisations: it applies to every entity which controls or processes the data of EU residents, no matter their location.

What has it got to do with board portals?

GDPR requires new procedures and controls, including an obligation to build “privacy by design” into your systems and ask questions such as:
  • Are we storing personal data for the necessary amount of time only, and keeping it up to date?
  • Are we keeping it secure using a level of security appropriate to the risk?
  • Are we transferring it outside the EU, and if so, do we have protections in place?

If you post or email board papers, or if you’re not clear on exactly where and how the software you use processes your data, the answer to these questions is most likely “no”.

By keeping all your sensitive board information up to date, safe, and stored in the EU, Board Intelligence helps ensure your organisation is compliant with GDPR — all the way up to the board.

Is Board Intelligence compliant with GDPR?

Under GDPR, it’s your organisation’s duty to ensure third-party vendors process personal data on your behalf in a compliant way — wherever they’re based.

Board Intelligence has been ready from the get-go, thanks to our long-standing belief in in-house technology. We keep all client data secure with UK Government-approved encryption, and store it on private, UK-hosted servers (ISO 27001 & 9001 certified). No external cloud, no shared servers, no data kept outside of the EU, no outsourcing — just the Best of British.

What do I have to do?

Quite a lot, in fact — we recommend using the ICO’s GDPR checklist to make sure you cover everything.

In terms of due diligence around your board reporting system, Board Intelligence’s legal documentation is up to date and includes the mandatory Processor provisions required under GDPR. Do get in touch if you’d like to ask our legal team further questions.

How long have I got?

GDPR will go into effect on 25 May 2018.

After this deadline, your organisation could be fined up to €20 million, or 4% of annual global turnover — whichever is higher.

The good news: Board Intelligence can be up and running for your board in a matter of days. Just click below to book a free demo and get started.

Disclaimer

This information is not legal advice, and may not be relied on as such. We recommend you consult an attorney for advice on your interpretation of this information or its accuracy.