On the 25th of May 2018 the UK will adopt GDPR, the EU General Data Protection Regulation. This new piece of legislation is highly detailed and represents the biggest change in laws relating to data protection over the past two decades. It makes significant improvements on the Data Protection Act of 1998, especially regarding customer data, and will carry strict penalties for companies that aren’t compliant. Fines are reported to be as high as 4% of annual global turnover or as much as £20 million.
Aside from making organisations more accountable for how they process customer data, it also affords individuals more rights in terms of controlling how their personal data is collected and processed. GDPR is long overdue, and the deadline for compliance cannot come soon enough, especially given how many large data breaches have occurred recently across a wide variety of platforms, from banking databases through to social media, putting people at risk by exposing their personal data.
The basics of GDPR compliance
Because the regulation is so detailed, compliance is not as simple as ticking a few boxes. GDPR demands that companies are no longer flippant about customer data. They will need to demonstrate what policies and procedures are in place to ensure individuals’ rights are protected through transparency and accountability. This will also require a culture shift, ensuring that employees understand the responsibility they have in creating an environment where data privacy and security are prioritised.
If your organisation has not already started putting compliance policies in place, then it’s unlikely that you’ll be able to get 100% compliant by 25 May. Don’t panic, however: for the vast majority of companies, compliance will be a long-term project that could even span years. What is important, though, is that you are able to identify current vulnerabilities and have policies in place to show how you’re rectifying or addressing these matters. While it is not ideal, this will at least help in reducing penalties that may be incurred.
Will GDPR compliance be influenced by Brexit?
The government’s Information Commissioner’s Office (ICO) has confirmed that the regulation will apply to the UK regardless of Brexit. This is partly because the regulation will come into effect long before the UK actually leaves the EU. Additionally, there is a new Data Protection Law being tabled that applies the GDPR regulation to UK Law. The bottom line is that Brexit cannot be cited as an excuse for non-compliance.
Additionally, companies need to understand that the GDPR is primarily about protecting personal data. This means that any company that engages with EU citizens in any way will be obligated to protect the data they collect and gain the individual’s permission to have it in the first place.
Digital learning and getting GDPR compliant
GDPR operates on a number of principles, such as transparency and accountability, and it will therefore be important that all employees understand what these are and how they will affect the way they work in future. Because this is detailed and very specific information, it is best taught in bite-sized chunks. It would be unrealistic to expect employees to sit through a GDPR workshop and then be able to remember and apply everything that was presented.
What is significant is that GDPR includes the protection of genetic and biometric data in addition to other kinds of personal data, so there is much more to take into consideration. The vast majority of organisations will likely need to invest in improving their data security if they are to be compliant. But how do you implement protection policies if employees don’t understand how, what and why the data needs to be protected?
Enter Errol Owl
Digital learning platforms such as Errol Owl (Ember Real Results Online Learning) can support GDPR learning by allowing employees to work through the principles of the regulation at their own pace. While the default with Errol is that learners will get a daily email with learning information and questions to test their knowledge, organisations can decide on how many questions learners get and how often.
Additionally, the way Errol structures the learning process also supports learning retention because information is presented in a way that is easier to remember. Testing knowledge by asking questions further embeds learning. This helps to improve the transfer of knowledge and encourages employees to apply the learning daily in the workplace.
Where the incorrect answer is chosen, Errol can link to your Learning Management System or knowledge base to drive traffic to the right resources.
Digital learning can go a long way to creating the culture shift necessary to accommodate GDPR. Since a lot of data is stored electronically, it helps to teach the principles of GDPR electronically too! More importantly, it is quick and easy to implement and eases the burden of at least one aspect of GDPR compliance. Once employees understand the principles and scope of the regulation, they will be better equipped to help the organisation identify potential risks and start to put policies in place that can help the organisation become compliant.
For more information on a GDPR solution through Errol Owl contact us here.