What do you need to know about GDPR before it hits L&D? Richard Hyde, E-Learning Consultant at Learning Pool, tells us why GDPR is important how it will impact the L&D world.
With our incessant desire to capture and store more and more personal data comes a growing headache – how to protect it from being stolen and used for unscrupulous means? If you don’t fully appreciate the scale of global data breaches, check out the World’s Biggest Data Breaches which shows it in a visually beautiful (if slightly shocking) way.As well as only showing losses greater than 30,000 records (so there are likely to be many more smaller losses) two other things stand out:
The Internet has given us access to wonderful, personalised experiences from the comfort of our desks but it has also exposed us to criminals who want to steal our personal data for their own ends. The Data Protection Act (DPA) 1998 has stood the test of time but it isn’t robust enough to deal with the modern networked world we live in.
That’s where the General Data Protection Regulation (or GDPR) comes in.
The GDPR will apply in the UK from 25 May 2018. This date will not move so put it in your diary. It’s a huge change, and many commentators are calling it the most significant legal shake up for decades. But it’s long overdue, which probably accounts for the scale of change it will introduce.
“GDPR is the biggest legal change of the digital age.” Mark Lomas, Capgemini
It will put the UK data protection rules more or less in line with the rest of the EU (don’t worry, we’ll talk about Brexit later).
It will introduce higher fines for non-compliance (and breaches) as well as allowing employees to have more say in what an organisation can do with their data. If you’re interested, the fines will be huge – non-compliance or breach penalties will be up to £17 million. Needless to say, this has caused a flurry of activity in IT circles of late.
Digging a little deeper, the GDPR applies to ‘controllers’ and ‘processors’ of data:
New rights for individuals will also be introduced by the GDPR (and existing rights under the DPA will be strengthened):
So if you’re currently subject to the DPA, it is likely that you will also be subject to the GDPR.
You may have asked this question already and received the answer ‘Hmm, we’re working on it’. Unfortunately there are some nasty surprises ahead for nearly 50% of global organisations, as a study by Veritas shows .
“Our study indicates that a whopping 47 percent of organisations globally have major doubts that they will meet this impending compliance deadline.” – Veritas
That’s not great news, but it gets worse. A recent report by Netskope found that almost 75% of cloud services still lack key capabilities needed to ensure compliance with the GDPR . So if your organisation stores its enterprise data with a third party, there are more potential woes there.
Let’s think specifically about the impact on L&D and see if 2018 will be any rosier for us learning professionals.
The focus for learning and development is likely to be the learning management system (LMS), as this stores the most bytes of personal data for your learner population.
If you host an LMS, the GDPR will mean that:
Also, bear in mind that an employee will be able to claim compensation for any damage caused by infringement of the GDPR.
Some LMS suppliers, such as Totara, have plans in place to support the new ‘rights’ listed above, but consent for the capture of data lies with you as the administrator of the system. Totara Learn will actually go further and help with the compliance of rights by having an automated versioned system in place to track acceptance of the rights and it will detail how the system deals with your data.
The burning question is ‘Will Brexit kick GDPR into touch?’ Alas, no. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. It will form part of UK law following the country’s withdrawal from the European Union . Some post-Brexit changes to the GDPR will be inevitable but the impact on organisations will be essentially the same. For instance the name might change so if you are commissioning content to support the rollout, it’s a good idea to make sure you can edit the material without any fuss or cost.
In general though, we should all stay calm and carry on with our GDPR preparations for May next year.
Not yet, but there are some immediate recommendations below:
So keep calm and make a plan for the GDPR before the countdown ends.
If you’d like to find out more about Learning Pool’s GDPR training suite, sign up for a trial.
1. World’s Biggest Data Breaches 2. Overview of the General Data Protection Regulation (GDPR) 3. Worldwide Climate Of Fear Over GDPR Data Compliance Claims Veritas Study 4. Majority of enterprise cloud services still not ready for GDPR 5. GDPR will change data protection – here’s what you need to know 6. GDPR and Brexit: UK Government unveils Data Protection plans 7. Preparing for the General Data Protection Regulation 8. ICO announces more help for small and micro businesses
How many employees require elearning?
+44 (0) 207 101 9383
+44 (0) 207 101 9383
US (857) 284-1420
+44 (0) 345 074 4114*
US (+1) 844 238 5577
* call charges vary depending on your provider