GDPR will bring good data to your business
Dominic Cullis, CEO of GDPR Academy, explains that, despite all the scare-mongering, GDPR can be a positive benefit for your business if you are properly prepared.
The holding of personal data is regulated in England and Wales by the Data Protection Act 1998. This Act will be superseded by the General Data Protection Regulation (GDPR) when its provisions take effect on 25th May 2018. The principles of the GDPR are similar to those of the Data Protection Act 1998, however, the GDPR includes significant new obligations for organisations and grants individuals a range of new rights.
GDPR – the benefits
GDPR will be a positive benefit for organisations that are serious about protecting their client’s personal data. Early compliance with GDPR will position companies to pick up business where an incumbent supplier has failed to embrace the new regulations.
GDPR will be policed by the Information Commissioner’s Office (ICO) in the same way that the Data Protection Act has been. The ICO will no longer levy the annual £35 corporate charge but will instead be fully funded by the fines it imposes on business who fail to comply with GDPR. Fines will increase significantly under GDPR compared with those imposed by the ICO under the Data Protection Act. The maximum fine will be €20,000,000 or 4% of group annual turnover compared with £500,000 currently.
The need for GDPR learning and training
There is an informative guide to GDPR available on the ICO website to help explain the provisions of GDPR to enable businesses to prepare. Training is an essential element for a business to be compliant with GDPR. Well educated personnel are less likely to make mistakes and cause a breach of personal data. eLearning is an ideal way for managers to ensure all staff obtain the training they require in convenient bite size chunks.
The GDPR Academy is dedicated to providing up to date information about GDPR and the Data Protection Bill currently working its way through Parliament. GDPR Academy courses combine video, animations, infographics and downloadable technical documents combined with multiple choice quizzes to ensure a topic has been successfully learned.
Companies hold a vast amount of personal data on employees and customers, therefore any data breach will be taken very seriously by the ICO.
Businesses must protect themselves as diligently as possible and demonstrate that they have taken all possible steps to avoid a data breach.
Organisations need to identify that all personal data that they hold in relation to staff, clients, prospects and suppliers is not only secure, but that it has been compiled according the GDPR regulations, and that it is managed accordingly. The past ways of gathering a prospect list won’t necessarily be compliant with the new regime. Businesses now need to demonstrate good procedure, compliance and express permission from the owners of the data.
Businesses must demonstrate that they have a data protection policy, including a data protection breach policy as a breach must be notified to the ICO within 72 hours of occurrence.
Cyber security
Cyber security is an integral part of protection against data breach, and Law firms, SME’s and Charities are at high risk of cyber-attack due to the very nature of their business. The Government Cyber Essentials programme is a good place to start to establish how well your practice is protected against cyber attacks.
Protection against cyber-crime is as much based on the human element as it is on technological solutions. A company’s defences are only as strong as the weakest element and a junior person clicking on a malware link can infect the whole system and leave it vulnerable to a cyber hack. This is where training is of the utmost importance, and by taking eLearning courses a company’s training can be continually monitored, thus affording the a measure of accountable protection against the consequences of any breach.
It is estimated that only 20% of UK businesses will be GDPR-ready by the time the regulation comes into force. Good governance aids good practice and businesses that are properly prepared for GDPR and best protected against cyber threats by demonstrating their compliance with policies, training and management will be able to use this governance to run more smoothly and take advantage of the new regulations.