We've teamed up with Yellow Room Learning, a leading provider of Cyber Security, Data Privacy and GDPR Awareness Training, to help bring your employees up to speed, save you time and remove some of the headaches of implementing a new big piece of legislation.
As we discussed previously, the General Data Protection Regulation (GDPR) is a set of regulations designed to protect the data of people living in the EU. These regulations will change how businesses can collect, process, store, and share the data of their customers.
The GDPR comes into effect on 25 May 2018 and replaces EU Directive 95/46/EC (the EU Data Protection Directive). Although the UK is leaving the EU, it is expected that legislators will continue to apply the GDPR.
We are preparing detailed guides for our clients. These guides will explain the key principles of the GDPR, and how senior management should help their workplace prepare for the adoption of these principles. We’ll explore the consequences of non-compliance, and finally, explain how we can help your business prepare by providing GDPR and cyber security awareness training for employees.
Senior managers are ultimately responsible for ensuring a business complies with the GDPR. Some of the key areas they must address include:
• Creating a GDPR compliance programme
• Creating workplace policies that ensure continued GDPR compliance
• Ensuring data security procedures are in place and data handling technologies are up to date
• Taking steps to ensure customers, clients and users are aware of their rights and understand how and why their data is being used
• Auditing the ways the business collects and processes user data, ensuring they are GDPR compliant
• Providing adequate staff training to ensure they comply with GDPR principles
• Ensuring any third-party data processors the business uses are compliant with the GDPR
Infringement of some of the GDPR laws can result in fines, big fines. By way of example:
• A fine of €20mn or 4% of global annual turnover (whichever is greater) may be expected if the ‘Conditions of consent’ or the ‘Lawfulness of processing’ Articles are not observed.
• Smaller fines of €10mn or 2% of global annual turnover may be issued if the following Articles are infringed: ‘Records of processing activities’ or ‘Security of processing’.
The GDPR does not hold directors and officers personally liable at the moment. However, the Data Protection Bill, which was introduced to the House of Lords in September 2017 to supplement GDPR, makes clear that if an offence is knowingly committed, or committed through negligence, that director, as well as the company, will be liable to prosecution.
We can help your business comply with the GDPR by providing the following services:
• GDPR awareness training for employees
• Custom-built training that incorporates your business’ policies
• Cyber security training
By carrying out some or all of the above, you can demonstrate that your business has taken suitable measures to protect your customer, client and user data.
Please do get in touch if you would like support in getting GDPR ready.