"What is GDPR?" is becoming the big question that companies, State organisations and all those involved in business are asking as the first full week back at work in 2018 commences.
In particular, HR directors and managers need to become aware of this term and ensure that all employees in their organisations are fully aware of their requirements regarding GDPR.
GDPR makes it much less difficult for individuals to bring claims against Data Controllers if their data or privacy has been infringed.
GDPR is the EU’s new General Data Protection Regulation, which applies to all EU organisations, be they commercial, voluntary or a public authority, that collect, store or process the personal data of EU individuals.
Organisations based outside of the EU that monitor or offer goods and services to European citizens will have to observe the new rules and adhere to the same level of protection of personal data.
If an organisation is found to be in breach of the GDPR, they can be fined up to 20 million euro or up to 4% of their annual global turnover.
GDPR takes effect and is enforceable across the European Union (EU) on 25 May 2018. There will be no grace period for enforcement, as the regulation was actually adopted in April 2016.
In simple terms, GDPR applies to both automated personal data and to manual filing systems containing personal data. However, similar to the Data Protection Act, under GDPR the definition of personal data expands into sensitive personal data.
The GDPR Principles set out the main responsibilities for organisations as follows:
- The GDPR requires that personal data be processed lawfully, fairly and in a transparent manner in relation to individuals.
- Data must be collected and processed for specific, legitimate purposes only.
- Any collected data should be limited to what is necessary for the purpose.
- Personal data held by any organisation must be accurate and rectified or erased if it is not accurate.
- Personal data needs to be processed in a secure manner, including protection against unauthorised or unlawful processing, as well as loss, destruction or damage.
- The Data Controller needs to be able to demonstrate compliance with all these principles. This is known as the Accountability Principle.
- Awareness of GDPR is vital for all staff and not just Data Controllers or HR Managers.
The Back 4 Good Academy is offering a unique suite of e-learning courses that provide comprehensive and detailed information on all aspects of GDPR, and these courses can be delivered online, in-company or in a classroom or training facility.
We recommend that, in the first instance, organisations sign up for our GDPR Staff Awareness Course, which has these key learning objectives:
- Summarise the requirements of the GDPR principles for your organisation
- Explain the individual rights outlined in the GDPR
- Take basic precautions at work to keep personal data safe as per the principles of GDPR
- Know how and when to report a data breach under the GDPR
Our e-learning courses include a tracking system that informs the HR function when employees have completed the Awareness Course, which will ensure that your organisation is complying with GDPR.
If you or your organisation would like to put a GDPR Awareness programme in place within your organisation/company in advance of the key May 2018 date, contact firstname.lastname@example.org in order for The Academy to draft a bespoke programme for you.