Search Our Site

We have 3,783,671 registered online learners.
238 new learners so far today.

GDPR: How should your company ensure it has the right skills and capabilities for the future?

schedule 12th October 2017 by Roger Moore in Virtual College Last updated on 24th April 2018

Business talking amongst each other

In less than a year's time, one of the biggest regulation changes to data protection will occur, so how can your business ensure it has the right skills and capabilities for the future?

On May 25th 2018, the General Data Protection Regulation (GDPR) will become law to any business that operates within the European Union (EU) regardless of Brexit. This will mean that companies will have to rethink the way they handle data on a company-wide scale.

The GDPR has been designed to protect the way citizens’ data is handled and ensure that organisations are including ‘privacy by design’ in their security strategies, so they are held more accountable to their customers.

Currently, businesses in the UK and EU that gather information on individuals do not have to reveal if they have been hacked, but as of next May, this will all change and companies that fail to adhere to this could face huge fines. Moving forward, how can you ensure that your company has the right skills for the future? Here we take a look a factors you need to be aware of.

Rights of the individuals

The GDPR will allow citizens to request their data to be forgotten and restrict the amount of information a company holds on them. This is why businesses must ensure they have enough resource to go over the rights of the individuals they have data on and check their procedures. This must include how you would delete personal data electronically and in a commonly used format.

Spreading awareness

While the decision makers and key professionals within your organisation may have heard of the upcoming GDPR, they may not fully understand it or be aware of its complications. To ensure a smooth transition and to avoid any fines that harm your business, it is crucial that they are brought up to speed on the impact this will have.

Once they are aware, the correct training can be provided to the rest of the company to make sure they are compliant.

Lawful basis

A capability that your business must confirm is whether or not it has a lawful basis for processing personal data. Companies must identify the lawful basis for their processing activity in the GDPR, document it and then update their privacy notice to explain it.

Appoint a DPO

Depending on the amount of data you process, you may need to hire a data protection officer (DPO) to take responsibility for data protection compliance and assess the impact this will have on the business's structure. Even if you’re a small business, if you handle a high volume of data, it is likely you’ll require a DPO.


Related resources

Roger Moore - Virtual College

Author: Roger Moore

Roger graduated in economics from Warwick University and first had a career in teaching, progressing to head of business studies in a large comprehensive school. His long and varied marketing career included working for the world’s largest PR agency. He enjoys reading, swimming, country walking and watching and participating in racquet sports.

ISO 9001:2015
Crown Commercial Service Supplier
LPI Accredited Learning Technologies Provider


+44 (0)1943 605 976

Virtual College

Marsel House


West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.


We are in the process of moving to one Virtual College website. If you want to go back to a course, or start a course, bought from our old website then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.


You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.