
Am I ready for GDPR? Five questions to ask

25th May 2018 by Mark Harrison in Virtual College


GDPR is here, but a great many businesses are still not entirely sure if they’re ready for the new laws. In reality, the general principles aren’t too complicated, and in the majority of cases, if you understand the spirit of the regulations, then it won’t be overly difficult to stay on the right side of the law. With this in mind, we’re going to go through five questions that you should ask yourself to determine whether or not you’re suitably prepared.

Have you reviewed the data you hold?

The first step in becoming GDPR compliant is conducting a review of the data that you hold. If this hasn’t been done yet, then it’s a matter of priority. You need to sit down and work out exactly what information you hold about individuals, why you hold this information, and whether it’s all stored together or is disparate. Understanding this will help you decide if you have any major changes to make, or whether you just need to tighten up some processes. You’ll find it much easier to deal with the requirements of GDPR, and indeed all data-related legislation, if you have excellent metadata – that is, data about the data that you’ve got. This will be essential in scenarios where an individual exercises their right to request what information you hold.

Are you storing data securely?

Most businesses are now fully aware of their obligations when it comes to keeping individuals’ data safe, so this point shouldn’t pose too much difficulty. All data needs to be stored securely both physically and digitally, which means everything from using trusted cloud data providers, to ensuring passwords are kept safe, to keeping rooms where data is stored locked and monitored. While we’re on this point, it’s important to know that GDPR also introduces a strict requirement for organisations to report any data security breaches in a timely fashion. Here in the UK, that means reporting them to the Information Commissioner’s Office (ICO).

Does your business as a whole understand GDPR?

Whatever your role in the organisation, whether you’re an owner, manager, or you work in IT, you mustn’t assume that everyone else knows what GDPR is going to bring. Because it has such wide-reaching implications, it’s important that everyone in the business has an idea of what the regulations mean. There are two points to this. The first is that everyone needs to know of any new policies that you’ve introduced in order to be able to follow them. The second is that there might be things that you, or other people responsible for implementing GDPR changes, have not thought about. Everyone can have an input. If you’re in a position where lots of people need to understand GDPR, or you yourself feel that you need more information, then it may be wise to seek professional help. Courses are available from Virtual College on this subject.

Do you have a plan for acquiring consent?

This is probably the biggest potential change for businesses. GDPR insists that organisations must have legal grounds for the collection and processing of an individual’s information. In many cases this will simply be that the information is essential to carrying out the service requested by the individual, who is likely to be a customer. However, if information is not explicitly required to carry out this service, then the organisation will need to seek consent to collect and process the information. This potentially has wide-ranging impacts. For example, if an individual purchases an insurance policy, then certain details will be essential to this and naturally collected in order to carry out the service. However, if the insurance company wanted to use, for instance, the individual’s email address for marketing purposes, explicit consent would have to be sought. As a result, you need to establish whether or not you should be collecting consent alongside data, and you need a plan in place to do this.

Have you considered individuals’ new rights?

One of the other changes that might require new processes is that of subject access requests. According to the GDPR, you must now respond in a timely fashion to anyone requesting to know what information you hold about them. Similarly, you must also be in a position to delete this information if requested. This goes back to the first point about understanding the data that you hold. In either scenario, you’ll need to make sure that you have a process in place should anyone make a request. Such requests are highly unlikely for a great many businesses, but you need to be aware nonetheless.


Author: Mark Harrison

Mark is a Learning Technology Consultant with over 18 years’ experience developing and managing client relationships. Utilising this experience, he is able to help his clients achieve better results through creative learning solutions. Away from work, his passion for rugby is eclipsed only by his love of a great curry.
