Search Our Site

We have 3,381,807 registered online learners.
1,045 new learners so far today.

5 things you should be considering when it comes to GDPR

schedule 8th September 2017 by Roger Moore in Virtual College

Office workers collaborating

All businesses and organisations across the UK have to comply with the European Union’s General Data Protection Regulation (GDPR). There’s no shying away from this legislation, even in post-Brexit Britain. It’s something businesses need to address or face damaging fines.

Probably the most significant impact of GDPR is on the way marketing communications are sent to customers and how personal data and information is handled and stored. Companies failing to follow the rules can be fined up to 20 million euros (£17 million) or four per cent of the global annual revenue - whichever is the greater amount.

Since the introduction of GDPR the ICO has recorded an increase of 160% in the number of complaints they receive, however they are yet to issue any fines under the new penalty structure.

Here are the five things your business should be considering when it comes to GDPR

  1. Data breach protocol

Major data breaches are becoming more and more common, with some of the biggest names in technology falling pretty to hackers. It’s essential for businesses to have a data breach protocol in place to support GDPR compliance.

The aim is to create a plan for dealing with any breaches that may occur, describing the nature and likely consequences of one along with the proposed measures of mitigating its possible effects. This way, organisations can to identify the data that was taken, and where the breach occurred.

  1. Privacy policy

Any business or organisation should ensure their privacy policy is kept up to date, as regulations around GDPR evolve and adapt from its initial launch. It should also evolve in line with changes to internal processes and structures.

Instead of waiting for GDPR to directly impact their company (this could very well be in the form of heavy fines if they fail to comply), employers should adopt a proactive stance by reassessing their current business strategy.

  1. Personal information

It’s essential to know and understand what personal information your company is storing, and why, as this is a central concern of GDPR. Under GDPR, personal data includes names, addresses, telephone numbers, account numbers, email addresses and IP addresses. PII data (personally identifiable information, can be client data or employee data and can be stored across different digital and physical repositories.

To ensure you’re compliant with the regulations, you need to follow the rules around why you collect personal data and how you store it, and for how long.

  1. PII (Personal Identifiable Information) data

To handle your PII data under GDPR, you’ll need to establish your procedures for where and how each type of data is stored, and stick to these procedures. You also need to make sure personal information is accurate and you have a legally valid and necessary basis for collecting and storing it.

Part of this basis is getting consent from the individual whose data you’re collecting, who then also have the right to access their data, and request for its deletion. This means being open and honest from the start in terms of what you intend to do with the data.

All your employees whose job responsibilities involve working with PII data should be given relevant training, and its worthwhile for everyone to be aware of the principles of GDPR to ensure compliance across your business.

  1. Privacy policy

Setting out your privacy policy is standard business practice, but GDPR stipulates that it should be clear and understandable for the user. Whereas before, these policies could be impenetrably long and complicated and full of legal jargon, they now need to be concise and use everyday language. 

Your policy should also highlight an individual's right to opt out of sharing their PII data for internal use or use by third-party companies, as well as show the firm’s stance on data security.

Visit our GDPR hub to find out more information


Related resources

Roger Moore - Virtual College

Author: Roger Moore

Roger graduated in economics from Warwick University and first had a career in teaching, progressing to head of business studies in a large comprehensive school. His long and varied marketing career included working for the world’s largest PR agency. He enjoys reading, swimming, country walking and watching and participating in racquet sports.

CPD
investors-in-people-silver
ISO 9001:2015
bcs-accredited-training-partner
Crown Commercial Service Supplier

Contact

+44 (0)1943 605 976

Virtual College

Marsel House

Ilkley

West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.

Login

We are in the process of moving to one Virtual College website. If you want to go back to a course, or start a course, bought from our old website then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.

LMS

You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.