Facts and opinions about individuals constitute personal data, and are legally protected in the UK and elsewhere in the EU. Learn about the principles of data protection and how you can apply these in practice.
In this course, you'll learn about what personal data is, why we need to protect data, and how you can comply with our Data Protection Policy and procedures.
| Duration | Approximately 40 minutes |
| Audience | Suitable for all staff - examples and interactivities designed for staff at all levels |
| Prerequisites | No previous knowledge or experience required |
| Design | SHARD-compliant, responsive display on all devices, accessibility on screen readers, visual design controlled via client style sheet |
| Test-out | Ability to offer optional test-out, whereby users can choose to skip the course content and complete the learning assignment simply by passing the assessment |
| iExpress | Supplementary four-minute iExpress interactive video provided to create awareness and interest about the topic |
| Deployment | AICC and SCORM 1.2-compliant, suitable for both hosted and deployed SCORM or AICC |
| Compatibility | All Windows, Mac OSX, iOS, Android (Flash-free for mobile compatibility) |
| Tailoring | Fully customisable on Skillcast Portal CMS |
| Translation | Pre-translated versions not available, but all text content can be exported for translation into all languages |
| Localisation | Based on UK legislation, but suitable for global audiences upon the removal of UK-specific references and translation as necessary |
Every year, we generate and consume increasing amounts of information in both electronic and hard-copy formats. It is vital that we protect this information from unauthorised use or access, and illegal copying, viewing or loss.
The new General Data Protection Regulation will come into effect on May 25th 2018 and will replace the current Data Protection Directive (DPD).
As with its predecessors, it is designed to protect the personal data of individuals and regulate how organisations and businesses use personal information.
Anyone responsible for using data has to follow very strict rules, as set out in the regulation.
But, what exactly is personal data?
Section 1 of the Data Protection Act defines “personal data” as any data that can be used to identify a living individual. This includes names, addresses, date of birth, telephone numbers, and email addresses.
Under the ‘data protection principles’, those using data must ensure that the information they are using is:
There are also some special categories of personal data – known as sensitive personal data – which may cause harm or distress if they are improperly used or disclosed. Examples of this include details of a person’s racial or ethnic origin, political opinions, religious beliefs, physical or mental health, sexual origin, as well as any genetic and biometric data that uniquely identifies an individual.
With sensitive personal data, there must be a very specific business reason or legal requirement for obtaining it, and such information must not be collected or used without prior consent and authorisation.
Although the key principles of data protection will remain the same, many key changes will be brought in when this new regulation is introduced.
Some of the more significant changes include tighter sanctions, more rights for individuals, and a wider territorial scope – meaning that any non-EU organisation doing business in the EU will also be obliged to comply.
However, one of the most potentially damaging changes to be introduced is the much tougher penalties for firms found guilty of failing to comply with regulation policies and procedures. Currently, organisations can face fines of up to £500,000 – but when GDPR takes effect, those fines can potentially increase to 4% of a company’s global annual turnover or EUR 20 million – whichever is the highest.
So, to avoid these hefty fines, what measures do businesses need to start implementing, if they haven’t done so already, to ensure they don’t come under fire come May 2018?
There are many ways in which companies can get themselves ready for GDPR, such as appointing a Data Protection Officer, implementing a documentation process for the information they collect, use, store and share with other people, and raising awareness among staff of the impact these new rules will have on the business.
Despite Brexit and the Government’s decision to trigger Article 50, the UK will continue to be part of the European Union until 2019 at the earliest, and therefore UK firms will still have to be GDPR compliant by May 2018.
What happens post the UK's departure from the EU will largely depend upon whether the UK joins the European Economic Area. While we are still in the dark about many things post Brexit, one thing that is for certain is that UK businesses will be fully subject to GDPR rules for the best part of a year at least, and should therefore begin the process or continue to get up to speed on these new regulations.
With its imminent introduction, we have added a section on General Data Protection Regulation training to our existing Data Protection training course.
Upon completion of this course, learners will be able to:
Data security should be an essential area of concern for all businesses and business owners. After all, with the amount of information stored virtually these days, it’s easy to see why just one breach could be seriously damaging to a business.
Such breaches are more often than not down to human error due to a lack of understanding when it comes to Information Security and Data Protection Policies.
Information Security breaches can also occur when a person is working while on the move. There is the risk of someone overhearing a private and confidential conversation, of electronic communications being intercepted if using unsecured networks, and of devices containing confidential data being lost or stolen.
Emails and passwords pose a huge risk to information and data security. For example, email distribution lists, which allow a user to send emails to everyone in their address book at once, are a popular feature as they save lots of time. However, they can be dangerous if used irresponsibly and can cause chaos to an organisation. It is crucial that the information being sent is checked against the recipient list before pressing ‘send’, and the entire content of the email thread is checked before it is forwarded on. Not all recipients of an email have a genuine ‘need to know’ and this must be determined before any action is taken.
It is also very common for people to fall into the trap of using the same password for everything, otherwise it means having lots of different passwords to remember. This can cause a serious personal data breach, and even though it may be slightly more of a hassle, having more complex passwords and changing them regularly will reduce the chance of hackers getting hold of your personal information.