Like a department store Christmas display, we can see the early signs. We know that the General Data Protection Regulation is coming – on 25 May 2018 in fact – but what does this mean for businesses? And how can you ensure compliance?
what is GDPR?
The GDPR is an EU regulation designed to strengthen the protection of personal data. It also addresses the export of personal data outside the EU.
if the UK is leaving the EU, why are we still subject to an EU regulation?
By the time GDPR comes into play next year the UK will not have left the EU, however post-Brexit there’s a common agreement that it will be retained in effect because of the positives for consumer data protection. The regulation will apply if:
- the data controller is based in the EU
- the data processor is based in the EU
- the data subject – the person the personal data relates to – is based in the EU.
Which means GDPR still applies for organisations that are outside the EU, if they are controlling or processing personal data about an EU resident.
what type of organisations will be affected?
The GDPR applies to all organisations that store, process or transfer personal data – this applies then to most businesses and public bodies.
That means you and your organisation must be GDPR compliant.
what do I need to do to prepare?
If you haven’t yet thought about a GDPR plan for your business then now is certainly the time to start. Here are a few tips on getting organised
Identifying the ways your company uses data is certainly a step in the right direction, and it could be a good idea to set up an internal ‘GDPR team’ with a representative from all departments that use data. This will allow you to:
1 | establish data protection policies
identify all the ways your company handles data and put together policies for data compliance.
2 | appoint a data protection officer – DPO
if your company is involved in large scale monitoring of individuals’ behaviour or large scale personal data processing of sensitive personal data, or if you work for a public authority, you will need to appoint a DPO. It will be their job to manage all the personal data protection systems and processes the organisation has put in place to protect individuals’ personal data.
3 | sign up to an approved code of conduct
signing up to one of these isn’t obligatory, but you may want to consider it as a way of demonstrating compliance. They set standards for an organisation to meet in terms of safe personal data processing.
how can I ensure employees within my organisation have the information they need?
Providing GDPR training ensures all of your staff have the information to understand the GDPR. Learning Pool’s GDPR compliance module demonstrates how your organisation and staff can ensure compliance and avoid heavy penalties. All employees are responsible for compliance, and it’s very important that they’re aware of this. This course will highlight how they can help protect people’s personal data.
Upon completing this course your learners will be able to define the key elements within GDPR, understand the penalties, know the importance of consent, how they play a role and what to do in the event of a personal data breach. Key learning within this module is categorised into five articles focusing on:
1 | the GDPR: what you need to know – the basics of GDPR, why it’s important, and defining personal data, data processor and data controller. This also covers the penalties and consequences of noncompliance.
2 | data-handling rules – how individuals must give consent for their personal data to be used, guidelines for personal data processing and transfer as well as children’s personal data in the GDPR.
3 | organisational responsibilities – learners will be able to list an organisation’s responsibilities under the GDPR, be accountable and meet requirements such as appointing a Data Protection Officer.
4 | data breaches – identifying what a personal data breach is, how they can occur and what to do in the event of a breach under the GDPR.
5 | quiz – finishing up with a final quiz for the learner, where they will have gathered ‘top tips’ as they progressed through the modules, and can use them to help answer the questions.
Read more from Learning Pool now by visiting our Learn & Connect section.
To find out more about getting your staff ready for GDPR, try our demo module for free.