The media is awash with adverts about the EU General Data Protection Regulation asking “Are you ready?”, because it is coming, ready or not!
“What is the EU GDPR?” I hear you ask. The law itself is about data protection and is not as complicated as you might think, as it is a set of common-sense principles.
The next question that always follows this answer is, “But we have Data Protection Laws already, why do we need to change them?”, to which I will provide an answer.
On 25th May 2018 a new set of laws came into force, “…designed to harmonise data privacy laws across Europe, to protect and empower EU citizens…” [1], which will drastically change the requirements of data protection across the EU and in the UK.
“But we are leaving the EU, why do we need to adopt this EU law?” It still affects all UK organisations, as the GDPR applies not only to organisations located within the EU but also to organisations located outside of the EU. The UK will also be adopting EU laws through the UK Parliament's Great Repeal Bill.
Now that we have ascertained why we have to take action, the question is: what action should we take?
As I mentioned previously, “the law itself is about Data Protection, which is based on a set of common-sense principles”, for which we have existing data protection laws. So the first action you need to take is to train your staff in the principles of data protection as it exists currently in the UK; we can help you provide this training to all of your staff.
Our training delivers the core principles of data protection relevant for any organisation, clearly demonstrating that we can make data protection easier to absorb, with visual aids, set in practical scenarios. Our training courses are real-world applicable, interactive, trackable and accessible at any time from any device and location [2].
When the GDPR came into force on 25th May 2018, you were required to meet additional requirements, some of which include:
- Each organisation will need to record why they are collecting data on individuals, including for what purpose they intend to use it.
- Recording the processes by which you work with data, and considering whether you have the right consent from each individual.
- Securing data, auditing data and privileged access to this data will also become mandatory.
- You will need to inform the relevant supervisory authority within 72 hours of your organisation becoming aware of a data breach.
There are many changes, like the examples above, that will change your general working practices.
[1] Citation: http://www.eugdpr.org/
[2] Requires an internet connection and current browser.