Are You GDPR Ready?
What is GDPR? How does it affect my business? What do I have to do to get GDPR ready?
There is a whole host of information available on the web about GDPR and the more you read, the more confusing it can all seem. So let’s break it down.
The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, was adopted by the European Parliament and the Council in April 2016 and applies from 25 May 2018. In the UK it is enforced by the Information Commissioner’s Office (ICO), and companies must comply with it by that date.
Who needs to adhere to these regulations?
Every company and organisation that processes the personal data of living individuals in the EU. That includes organisations established in the EU, and organisations outside it that offer goods or services to, or monitor the behaviour of, people in the EU. The UK government has confirmed that the regulation will apply in the UK both before and after Brexit.
Personal data is any information relating to an identified or identifiable living person: a name, a National Insurance number, a postal or email address, an IP address or other online identifier, or any combination of details that singles someone out. So if your business is keeping databases of living individuals or clients, and who isn’t these days, then you have to comply.
What happens if a company doesn’t comply to GDPR regulations?
A personal data breach is any security incident that leads to personal data being accidentally or unlawfully destroyed, lost, altered, disclosed or accessed, for instance because you are hacked, a laptop goes missing, or a file is sent to the wrong person. Unless the breach is unlikely to result in a risk to the people concerned, you are obliged to notify the ICO within 72 hours of becoming aware of it, and where the risk to individuals is high you must also tell those individuals without undue delay. The ICO can then investigate if it thinks that necessary.
The sting in the tail is the penalty regime. The most serious infringements, such as breaching the data protection principles or individuals’ rights, carry a maximum fine of €20,000,000 or 4% of your total worldwide annual turnover for the preceding financial year, whichever is higher. A lower tier of €10,000,000 or 2% applies to failures such as not notifying a breach or not keeping proper records of your processing.
It’s very much like Health and Safety legislation when it was first enforced many years ago. It had to be adopted, but little attention seemed to be paid until the heavy fines and prosecutions started. Health and Safety is now commonplace in business and adhered to as a matter of course, and the aim is that GDPR will be too.
Data Protection Officers are almost certainly aware of the implications of GDPR and of the risks to their business if they don’t comply. However, many are probably quietly struggling with the task of mapping out the requirements. And if you don’t have a Data Protection Officer and are allocating this to an individual, then you really do need to be mindful of the size of the task ahead.
What does a company need to do to comply?
There are only 9 months left until enforcement begins on 25 May 2018, so this now needs to be a priority for your business.
A full understanding of GDPR needs to be gained, and several actions need to happen.
- A data mapping exercise, to record what personal data you process, where it came from, why you hold it and on which lawful basis, where it is stored, who you share it with and how long you keep it.
- A GDPR compliance gap analysis, to identify where your current policies, contracts, privacy notices and procedures fall short of the regulation.
- A risk assessment, to identify how your processing exposes your organisation and the people whose personal data you hold. For processing that is likely to be high risk, GDPR makes this a formal Data Protection Impact Assessment.
One of the absolute key requirements is to make your staff aware of GDPR, and to provide them with an understanding of how to appropriately handle personal data, so as not to expose your organisation to fines.
Why is training necessary?
Training is essential. In order to satisfy GDPR accountability requirements and mitigate the risks you currently face, your staff need to undertake a learning process which you can be confident is of a high standard and auditable.
Research consistently attributes the majority of data breaches, around 80% by some estimates, to staff error, so staff naivety is the most likely cause of a GDPR breach in your organisation.
How can a company get the training it needs?
Cybus Global Ltd are an international company whose Head Office is in Exeter. We specialise in high end eLearning and aim to reduce risks to companies through staff training.
There are two eLearning courses that are priorities for businesses at the moment.
- GDPR Staff Awareness Training Course.
- Cyber Security Staff Awareness Course.
Our eLearning courses are high end, can be taken at any time on any smartphone, tablet or PC, and let you monitor who has actually taken each course and the pass rate, which gives you the audit trail you need to demonstrate accountability. This monitoring is included completely free as part of the product.
Having your staff take these courses will significantly reduce the risk of them breaching the requirements of GDPR. It will also give them the knowledge and understanding to help protect your organisation from being breached.
What’s the next step?
For further information on GDPR, the ICO website is a good starting point. You will also find a number of national and occasionally local seminars taking place. Be mindful, though, that many of these seminars spell out the problem but offer no solution.
At Cybus Global we offer you a solution, the vital staff training and awareness your company needs to get GDPR ready.
Please feel free to get in touch, we’re happy to give advice and solutions to your training needs.