The GDPR came into effect on the 25th May 2018 and aims to unify and strengthen data protection for individuals within the European Union (EU).
Some of the major changes include tougher sanctions, more rights for individuals, and a wider territorial scope, meaning that any non-EU organisation that does business in the EU will also be obliged to comply. The appointment of a Data Protection Officer (DPO) will also be mandatory for certain companies.
An independent survey commissioned by NetSkope showed that only one in three British adults was aware of GDPR, and over 70% of workers had not been informed of the regulation by their employers.
Previously, under the Data Protection Act (DPA), failure to comply with data protection rules could lead to firms being fined a maximum of £500,000, with the highest fine to date being around £400,000. Now that GDPR is in effect, penalties are much tougher: firms can potentially be fined 4% of their annual global turnover or EUR 20 million, whichever is higher.
So, with that in mind, surely this is the incentive businesses need to get to grips with the new regulations and make sure they get it right... right?
Top tips for GDPR compliance
- Get the tone from the top right - If you haven't already, consider holding events and roadshows, creating resources, or organising presentations by the CEO and board to create awareness and demonstrate your commitment to data protection at the highest level. If it matters to you, then it will matter to everyone else across the organisation.
- Appoint a Data Protection Officer - This applies if you have over 250 employees in your company. They will act as the main go-to person for all data protection activities within your firm.
- Be proactive and aim for data protection by design - Think about how you might integrate data protection into all your processes so data protection and privacy issues are prioritised from the start. Carry out and document Data Protection Impact Assessments (DPIAs) or Privacy Impact Assessments (PIAs) to strengthen protections for individuals.
- Measure and mitigate the risk - As a board, be sure to spend time discussing your cybersecurity and information security issues. What is your risk profile, your attitude to different risks, and your appetite in respect of data breaches? Are cybersecurity and information security issues included in your risk register? Are there named risk owners and specialist teams to track and manage the risk? What role do Audit and Compliance play now and how will this change in future?
- Know where your data is and get familiar with your data sources - It is impossible to comply with data protection rules if you don't know what data you hold and where it is, so having visibility of your data at all times and knowing what it consists of is crucial.
- Categorise your data - Although all of your data has some relevance and importance, some of it will be more significant than the rest. Categorising your data according to its value to your company will help to reduce the risk of security breaches.
- Have detailed plans in place in case it goes wrong - Get your business ready for any possible negative situations. This means having detailed plans and costs in place that can be consulted in the event of such outcomes.
- Educate your staff - Train your employees and make sure they understand what the new regulation means for them.
Want to learn more about GDPR?
If you'd like to stay up to date with GDPR best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.
To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics including GDPR, Equality, Financial Crime and SMCR. We also regularly report key learnings from recent GDPR fines. And if you're looking for a compliance training solution, why not visit our GDPR Course Library?
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
Last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!