The media is awash with adverts about the EU General Data Protection Regulation; “Are you ready?”, because it is coming ready or not. But…
“What is the EU GDPR?”
I hear you ask; the law itself is about Data Protection, and not as complex as you might think, as it is based on a set of common sense principles.
The next question that always follows this answer is, “But we have Data Protection Laws already, why do we need to change them?” for which I will provide an answer.
On May 25th 2018 a new set of laws will come into force, “…designed to harmonise data privacy laws across Europe, to protect and empower EU citizens…” which will drastically change the requirements of data protection across the EU and in the UK.
“But we are leaving the EU, why do we need to adopt this EU law?”; It still affects all UK organisations, as the GDPR not only applies to organisations located within the EU, but also apply to organisations located outside of the EU. The UK will also be adopting EU laws, through the UK Parliaments great repeal bill.
Now that we have ascertained why we have to take action, the question is; what action should we take?
As mentioned previously…
“ the law itself is about Data Protection, which is based on a set of common sense principles”
for which we have existing data protection laws. So the first action you need to take is to train your staff in the principles of data protection as it exists currently in the UK; we can help you provide this training to all of your staff, with our elearning modules.
The be.privacy eLearning course, delivers the core principles of data protection relevant for any organisation, clearly demonstrating that we can make data protection easier to absorb, with visual aids, set in practical scenarios. Our courses are real world applicable, interactive, trackable and accessible at any time from any device and location.
When the GDPR comes into force on 25th May 2018, you will be required to meet additional requirements, some of which include:
- Each organisation will need to record why they are collecting data on individuals, including for what purpose they intend to use it
- Recording processes of how you work with data and consideration that you have the right consent from each individual
- Securing data, auditing data and privileged access to this data will also become mandatory
- You will need to inform the relevant supervisory authority within 72 hours of your organisation becoming aware of a data breach.
There are many changes like the examples above, that will change your general working practices.
Our be.GDPR eLearning modules have been released. The aim of these modules is to help organisations like yours pickup and run with the new GDPR regulation with ease, saving you hassle and helping you avoid the pitfalls of new regulation.