The General Data Protection Regulation (GDPR) replaced the Data Protection Directive (DPD) and brought with it in significant changes to data protection laws as we know it.
The GDPR came into effect on the 25th May 2018 and aims to unify and strengthen data protection for individuals within the European Union (EU).
Some of the major changes include tougher sanctions, more rights for individuals, and a wider territorial scope, meaning that any non-EU organisation that does business in the EU will also be obliged to comply. The appointment of a Data Protection Officer (DPO) will also be mandatory for certain companies.
Yet there are still an alarming number of businesses who have not taken a single step forward in preparing for GDPR, and have no idea of the impact it will have upon them.
A recent study by Veritas Technologies has revealed that over half of businesses have not even began any work on meeting minimum GDPR compliance standards. This goes hand in hand with an independent survey commissioned by NetSkope, showing that only one in three British adults are aware of GDPR and over 70% of workers have not yet been informed of this regulation by their employers.
Previously, under the Data Protection Act (DPA), failure to comply with data protection rules could lead to firms being fined a maximum of £500,000, with the highest to date being around £400,000. However, now that GDPR is in effect, penalties are much tougher and will result in firms potentially being fined 4% of their annual global turnover or EUR 20 million, whichever is the highest.
So, with that in mind, surely this is the incentive businesses need to get to grips with the new regulations and make sure they get it right....right?
Top tips to get your business GDPR compliant:
- Know where your data is and get familiar with your data sources - It is impossible to comply with data protection rules if you don't know what data you hold and where it is, so having visibility of your data at all times and knowing what it consists of is crucial.
- Categorise your data - Even though all of your data certainly does have relevance and importance, some data will be more significant than others. Categorising your data according to its value within your company will help to reduce the risk of security breaches.
- Have a Data Protection Officer in place - This applies if you have over 250 employees in your company. They will act as the main go to person for all data protection activities within your firm.
- Have detailed plans in place in case it goes wrong - Get your business ready for any possible negative situations. This means having detailed plans and costs in place that can be consulted in the event of such outcomes.
- Educate your staff - Train your employees up and make sure they understand what the impending new regulation means for them.
Want to learn more about GDPR?
If you'd like to stay up to date with GDPR best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.
To help you navigate the compliance landscape we have collated searchable glossaries of key terms and definitions across complex topics including GDPR, Equality, Financial Crime and SMCR. We also regularly report key learnings from recent GDPR fines. And if you're looking for a compliance training solution, why not visit our GDPR Course Library?.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
Last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!