GDPR Compliant Private Investigator
New data protection regulations came into effect on the 25th May, 2018, to replace the existing EU Data Protection Directive of 1995. Better known by the acronym GDPR, the General Data Protection Regulation is structured to give citizens more information and control on what personal data is collected and how it is stored and used. The GDPR applies to all companies operating within the European Union and places strong emphasis on the security of data collected together with accountability and transparency of how that data is used.
How Does GDPR Affect Private Investigations?
By its very nature, an investigation involves the collection and processing of information. This can be of a personal or commercial nature and the data collected can be (and often is) extremely sensitive. Before commencing any investigation, GDPR demands a valid and lawful basis in order to collect and process personal data. As GDPR compliant private investigators every potential client’s query must be assessed to ensure these requirements are met. Should this be the case, the next step is to collect any data and information pertinent to the investigation without being overly intrusive or prying into irrelevant and unnecessary matters.
How to Check for GDPR Compliant Private Investigators?
In the United Kingdom, the Information Commissioner’s Office (ICO) is an independent organisation whose role is to uphold the citizen’s information rights. Investigators or investigation firms, who wish to be GDPR compliant, should be registered with the ICO to denote the fact they employ trained data controllers to handle personal data and private information. Registered GDPR private investigators will be listed on the ICO Data Protection Public Register which can be searched on the ICO website. A GDPR compliant private investigator or investigation agency should also have an up-to-date Privacy and Data Protection Policy.
Data Storage and Transfer
Storing and transferring information and data safely and securely is a core requirement for any GDPR compliant private investigator. To achieve maximum security and keep data safe, several safeguards are in operation.
• Information transfer is done by encrypted email
• Emails are password protected
• Passwords are sent via a separate encrypted email
• Investigation details and logs are store on a state of the art secure server
• Case documents pertaining to the investigation are password protected
• Investigators are obliged to destroy any data once an investigation is completed
Upon delivery of the final case report all data and information is promptly destroyed unless there is a legal or personal reason not to do so.
In certain cases, a person may become aware that he or she has been the subject of an investigation and want to know what personal information has been collected. As previously stated, personal information collected is routinely destroyed shortly after the conclusion of a case unless there is a valid reason for storing it. Should any information still be in existence it will be passed on to the subject upon request.
If you need to hire a GDPR complaint private investigator contact Are They Safe today.