How prepared are you for EU Data Protection reforms?

In a recent blog post, David Smith, Deputy Commissioner and Director of Data Protection at the Information Commissioner’s Office, wrote about how businesses can prepare ahead of the upcoming EU Data Protection Regulation reforms, which are likely to be finalised before the end of this year.

Once finalised, there will be a two-year transition period before all data protection regulation is harmonised among the EU’s 28 member states.

Once the regulation is in place, businesses are expected to have to give customers greater control over their data, and penalties for data protection breaches are likely to increase significantly.

Start to prepare sooner rather than later

Although the final regulation is yet to be agreed, there are a number of steps businesses can begin to take now to ensure they’ll be well positioned to comply with it once it is finalised.

These include:

  • Establishing clear processes and policies for all data-handling activities and systems, which can be audited and communicated should individuals request information on them
  • Considering how those processes and policies will be communicated to staff, and how you’ll keep track of who has been made aware of them
  • Establishing a process for revising those processes and policies once the EU Data Protection Regulation reforms are finalised

Simplifying staff training

VinciWorks specialise in compliance eLearning, and provide a number of courses related to information governance, including Data Protection, Freedom of Information, Information Security and Records Management.

These courses enable your business to rapidly deliver training to staff online, meaning staff can complete their training when it fits in with their schedules.

And, with an eLearning platform such as Astute, which we use to deliver our eLearning, you can easily keep track of who has completed what course.

When regulations do change, ensuring your organisation is compliant will simply be a case of updating your eLearning courses – and of course, we’ll be keeping all of our eLearning courses up-to-date with any changes to regulations.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.


