The spring of 2018 feels like a lifetime ago, given everything else that’s taken place since then, but on the 25th May that year, a monumental piece of legislation came into effect - the GDPR (General Data Protection Regulation). Through the madness of lockdowns, implementation of Brexit, and the revolving door at 10 Downing Street, the GDPR has remained just as important as the day it was introduced.
What is the GDPR?
Let’s quickly refresh our memory of this important law. The GDPR is a piece of legislation created by the European Parliament in order to standardise data protection laws across the entire EU; ensure the rights and freedoms of EU citizens with regard to their personal data; and future-proof data protection - especially vital as technology and the ways in which we create/share data continue to evolve.
How has Brexit affected the GDPR?
At the end of 2020, when the UK officially got its Brexit on, it brought the GDPR with it. Well…almost. It made a few changes to make it UK specific and remove any mention of the EU and its various institutions, but otherwise it remained more or less intact.
So, far from Britain’s exit from the EU meaning that organisations can roll back the many changes they made to comply with the GDPR, it means that maintaining those changes is more important than it ever has been. This means continuing the effort to remain vigilant to data protection issues; upholding individual rights; and being transparent, fair, lawful, accurate, considerate, responsible, and accountable for their actions.
The importance of GDPR compliance
By now, most organisations will have policies, practices, and procedures in place to ensure that they collect, process, store, and share data in full accordance with the law. But one aspect of GDPR which can sometimes be easily overlooked is the requirement to educate and train employees.
What some organisations may not realise is that this was not a one-off event - something which needed to be highlighted back when the GDPR was still a hot topic and Corona was just a brand of lager. It is an ongoing requirement to ensure that every employee understands what the GDPR is, what it looks like in practice, and why compliance is so important.
For relevant organisations, this responsibility is usually handled by a Data Protection Officer (DPO). But whether or not you have one of these jolly fellows at your workplace, you still need to ensure that employees receive initial training, ongoing refresher training, and that you keep a record in order to prove compliance, should that ever become necessary.
Let’s put it this way. If your organisation suffers a data breach, the Information Commissioner's Office (ICO) has the ability to impose a maximum penalty of £17.5 million or 4% of total annual worldwide turnover, whichever is higher. Those numbers aren’t to be sniffed at. However, if you can prove that your organisation had done everything it reasonably could to avoid a breach - including the provision of ongoing training to all staff - then the ICO is more likely to reduce a penalty or waive it altogether.
Organisations have enough to contend with without needing to worry about whether they’re providing adequate training to their staff. So, let us help. iHasco has over 25 years' experience providing world-class compliance training that enables organisations to focus on what really matters to them.
We offer both essential and advanced GDPR courses, provide course completion certificates to prove compliance, and can provide alerts and reminders to make sure that your staff are always up to date.