GDPR Awareness: Our New Responsibilities

The General Data Protection Regulation (GDPR) is only a few months away from becoming effective across the EU. But what do your employees know about it? How does it affect your organization? The answer is probably: quite a lot! Any company that is based in the EU, or that processes the data of EU individuals, must be ready to comply.

A recent survey by the UK data protection regulator, the Information Commissioner, found that only one-fifth of the UK public has trust and confidence in companies and organizations storing their personal information.

Against this backdrop, the GDPR provides an opportunity for organizations to aim higher in raising standards but also presents a significant challenge in terms of technology, organization and training. And it’s not just a matter of reputation and trust—those who fail to meet the standards required face stringent penalties.

Also read: 'GDPR: It's Time to Get Started'

Getting to Grips With the Key Facts

Let’s think about some of the changes which the GDPR will bring, and their implications in terms of staff knowledge:

1. The GDPR comes into effect across the EU in May 2018

So your training program will have to be completed before that date.

2. The GDPR builds on and enhances the existing legal framework, to make it fit for a more digital age. As before, businesses must protect individuals’ personal data—now, however, there is a greater emphasis on those individuals’ rights

Employees must be aware of those rights and know what they mean in practical terms. For example, will they be able to recognize a Subject Access Request? Do they know who to tell if a customer’s personal data is incorrect?

3. The GDPR’s scope is broader in terms of geographical application, and personal data can only be transferred outside the EU if appropriate safeguards are in place

Does everyone in your organization know about these limitations and the procedures to be followed in every case?

4. There is also a wider definition of personal data. It now covers, for example, biometric data

Are your staff aware of the broader definition? Do they know what is special about sensitive data, and the limitations on its use?

5. The requirements in relation to obtaining an individual’s consent for use of their data are especially demanding

Do employees, particularly those in marketing and research, understand when consent is needed, and what it means for your business? Do they know where to get help if they are not sure what is permitted?

6. There are more stringent penalties for non-compliance, so the stakes are higher than ever

Do people understand the potential consequences of data breaches, and do they know how to avoid them?

Related reading: 'Preparing Your Workforce for the GDPR [FAQ]'

How to Fill the Gaps

Our GDPR awareness training solutions can fill in some of these gaps and help reduce your company’s exposure to non-compliance.

Our new awareness infographic video helps put the GDPR in context, while a full eLearning course is coming in early 2018. These two products have a consistent ‘look and feel’, allowing them to be purchased as a suite. However, they can also be purchased independently, depending on your specific needs and required roll-out dates.

The video, which provides a simple, easy-to-understand overview of this important legislation and what it means for your organization, can be used to introduce the topic to learners via a learning management system, or as part of a wider campaign (e.g. on screens around your building) to raise awareness and trial forthcoming training.

It explains the continuing emphasis on data protection with the advent of the new Regulation in 2018, and provides a very high-level overview of the changes in the GDPR, including:

  • The worldwide scope of the legislation
  • The broader definition of personal data
  • The greater emphasis on the rights of the individual
  • The more stringent penalties for non-compliance

It also includes a reminder that good data protection compliance is a business opportunity, and of the need for effective systems and controls.

If you found this blog helpful, you might also be interested in a recent webinar we ran with My Compliance Office on the subject of the Senior Managers and Certification Regime. Watch the recording here.

LEO has an extensive catalog of Governance, Risk and Compliance training courses. Browse our off-the-shelf GRC menu here and request a free trial.
