Learning Management Systems UK
GDPR - How will it affect my organisation?
Wednesday 21st March 2018
With the upcoming General Data Protection Regulation (GDPR) going into effect on the 25th of May, many companies are asking the same questions: does GDPR affect me? How does GDPR affect business practices? And how do we avoid steep penalties?
GDPR will be applicable to all companies around the world that process the data of citizens within the European Union. Any organisation that works with information regarding EU citizens must be compliant with the requirements stated in GDPR.
Failure to comply with GDPR can result in a fine of up to 4% of an organisation's annual global turnover or €20 million, whichever is higher. This sum would be the maximum fine for infringements stemming from the most severe offences, such as breaking the main areas of the Privacy by Design concepts or having insufficient evidence of customer consent to process data. There will be varying fines for different types of smaller offences; for example, an organisation can be fined 2% of its global turnover for not having its records in order, or for not getting in touch with the supervising authority and data subject regarding data breaches, or for a lack of impact assessments.
The regulations cover a vast selection of data protection aspects and can be daunting when first attempting to understand all of them. The update to the 1995 directive offers a holistic and more defined approach to data protection which includes:
• Improved conditions of consent for data subjects - Requests for consent must be given in a very clear and understandable manner. Companies can no longer hide behind illegible terms and conditions to discreetly include consent to store information on data subjects.
• Breach notification will become mandatory - if a company has a data breach they will have to notify their customers and their controllers within 72 hours.
• Right to access - data subjects have the right to know from the data controller if their personal data is being processed.
• Right to erasure - the right of the data subject to request a data controller removes their personal data.
• Data portability - the data subject has the right to ask data controllers for access to all personal data they have collected concerning them.
• Privacy by Design - when systems are designed they must be created with data protection at the core of their development.
• Data Protection Officers (DPO) - DPO appointment will be mandatory for all companies whose core activities involve processing and monitoring data subjects on a large scale.
Companies will essentially need to develop a culture of data privacy within their organisation, from senior management positions down to junior level roles. This will include providing data protection training and ensuring policies and procedures are understood and followed. All of this should be done in order to easily demonstrate compliance with GDPR when it comes into effect in May.
As highlighted in this blog, GDPR has the ability to affect all UK businesses, regardless of size or turnover, and there are some key areas which are very important to take note of.
Oxford Applied Training provides two key courses for GDPR, one for essential staff training which is a CPD accredited course focussing on GDPR fundamentals, and another for manager training on GDPR covering the core principles of the regulations, what you need to do to comply with them, and what rights GDPR guarantees for individuals.
The courses are online and can easily be rolled out in record time to companies big and small, from a few employees to thousands of employees at different locations.
Thanks to our Trove LMS system all completions and certificates are automatically stored to evidence compliance.
Our team stands ready to help and advise. Why not call us now and arrange a free, no-obligation advice session to see how easy, cost effective and quick our solution is.