The General Data Protection Regulation, or GDPR for short, will overhaul how organisations process and handle data. Coming into effect on May 25th, 2018, GDPR will specifically target how businesses and the public sector handle the information of 750 million European citizens.
This basically means that any organisation that holds any data on EU citizens is subject to GDPR. That covers any information relating to an individual, whether it relates to his or her private, professional or public life. This could be anything from a name, a photo, an email address, bank details or posts on social networking websites to a computer’s IP address.
Why should organisations care about GDPR?
Although this law comes from the EU, it will have a global impact. It will affect any business holding personal data on customers, prospects or employees based within the EU. Organisations that are not located within the EU and ignore this new law could face penalties and fines if they do not comply.
Here is a handy checklist you might want to consider following to prepare for GDPR »
Although GDPR doesn’t come into force until May 2018, it can take several months to prepare. Make the key decision makers within your organisation aware that the law is changing. Don’t leave it until the last minute.
» The information you hold
What personal data do you hold? Where did it come from and who do you share it with? The GDPR requires you to maintain records of your processing activities. For example, if you have inaccurate personal data and have shared this with another organisation, you will have to tell the other organisation so it can correct its own records.
There are some additional things you will have to communicate to people under GDPR. For example, you will need to explain why you are processing the data, and that individuals have a right to complain if they think there is a problem.
» The GDPR includes the following rights for individuals:
» to be informed
» have access
» restrict processing
» data portability
» to object
» be subject to automated decision-making including profiling
You might want to consider refreshing your existing consent methods if they don’t meet the standard.
» Data breaches
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
Elizabeth Denham, the UK’s information commissioner, who is in charge of data protection enforcement, says she is frustrated by the amount of ‘scaremongering’ around the potential impact for businesses.
The GDPR is a step change for data protection; it’s still an evolution, not a revolution. For businesses and organisations already complying with existing data protection laws, the new regulation is only a ‘step change’.
Safety Media have recently released a course specifically about General Data Protection Regulations. If you want to make your employees aware of GDPR or give them more of an understanding of it, then this course might be exactly what you need.
This e-Learning course is ideal for anyone who works in any type of organisation that handles data. The course will allow your employees to understand what General Data Protection Regulations are and why it’s important to follow these requirements to protect data subjects’ data. Course chapters include: Rights & Responsibilities and Regulation & Enforcement.
If you require any further information about the GDPR course, please don’t hesitate to contact our team on +44 (0)1745 535000 or email email@example.com.
You can download the GDPR course description here
If you are a US-based organisation, then GDPR will still be a consideration for you. For more information about this, please visit this article written by legal professionals, Hogan Injury, in California »