Nick Richards of the GDPR Advisory Board gives us a few essentials about the upcoming legislation.
What is GDPR?
The GDPR (General Data Protection Regulation) is the European Union’s new regulation on data and cyber-security. It’s designed to strengthen data protection for everyone, and create a single data protection regime for businesses and consumers to rely on. It comes into force on 25 May 2018.
Why is it important?
The GDPR replaces the 1998 Data Protection Act (DPA) and places a much greater emphasis on consent (ensuring that we agree to businesses having our data) and on the documentation data controllers must keep (maintaining good records of data storage).
In many cases GDPR requires a cultural shift in organisations that ensures personal data is handled appropriately – and this is just as important for the marketing team as it is for the receptionist.
There are very good reasons for GDPR. It aims to bring European data protection laws up to date with the modern technological age. It will unify the various existing data protection laws across Europe. And in some cases, it will bring companies outside the EU within the scope of European law where applicable.
What do I need to do to comply?
The ICO (Information Commissioner’s Office) governs GDPR compliance and has produced a 12-step guide to the steps you need to take to comply.
However, Piers Clayden, founder of www.claydenlaw.co.uk and member of the GDPR Advisory Board, recommends these as the top five things to get right under GDPR:
- Demonstrate that you are taking data protection seriously – up-to-date policies, record keeping and staff training are all important elements of this
- Ensure that the public-facing information notice reflects the reality of how the business actually does use and treat personal data behind the scenes
- Ensure that the business has proper organisational and technical measures and policies in place to keep personal data safe and secure – having a robust information security policy which is actually adhered to throughout the business is part of this
- Make sure that if the business were to suffer a security breach (i.e., in short, where personal data was accessed outside of the organisation without authorisation) you would be able to report this to the regulator (the Information Commissioner’s Office) within 72 hours of becoming aware of the breach
- Make sure that, where personal data is processed on your behalf by an external organisation, you have contracts in place that meet the requirements of the GDPR
Failure to comply with the GDPR could expose the business to fines (potentially up to 4% of annual turnover or €20m, whichever is higher) and claims for damages from individuals but, perhaps more damagingly, to loss of reputation.
How will GDPR directly affect businesses in the training industry?
The handling of all personal data will need to be assessed and monitored appropriately under GDPR. Those in the training sector who handle any form of personal data must be GDPR aware, and, ironically, training is arguably the best way to help those working in the sector achieve compliance.
Why is training relevant?
Training is important when it comes to GDPR. In many cases GDPR requires a cultural shift in organisations that ensures personal data is handled appropriately – and this is just as important for the marketing team as it is for the receptionist.
Training enables this transition to take place across the company – and if you are questioned over GDPR compliance, proving that training has taken place is a very good step to show intent for compliance and might help avoid unwanted fines.
What training should businesses consider?
There are many classroom courses available for GDPR, but these can be costly and limiting. E-learning provides a cost-effective way to train a large part of the workforce in a consistent manner (good for new starters) without taking employees out of the office to do so.
Want to find out more? You could always try the GDPR Advisory Board – an easily accessible, no-nonsense platform for anyone baffled by the implications of GDPR. For straight-talking advice from a team of academic, legal and training experts visit www.gdpr-board.co.uk.
About the author
Me Learning has teamed up with legal experts at Clayden Law to produce a range of easy-to-understand and legally compliant GDPR e-learning. To find out more visit www.melearning.co.uk