Register now for GDPR workshops organised by Ortolan People

The EU General Data Protection Regulation (GDPR) is the biggest global regulatory development in in 20 years and will harmonise data protection standards across EU member states. Every company or organisation that uses the personal data of EU residents has until 25 May 2018, to comply with the GDPR. Failure to comply, or getting compliance wrong, could have extremely costly consequences with fines of up to €20 million or up to 4% of annual global turnover – whichever is greater.

Given the magnitude of potential GDPR fines, compliance must be a priority on the agendas of the board and senior management with a particular focus on comprehensive employee data protection training, which can result in a reduction in the level of fines.

With just over 6 months until the GDPR takes effect now is the time to pay attention. However, despite this, 55% of UK businesses are not confident they’ll be able to comply with GDPR by the May 2018 deadline and only 6% of UK businesses have made it a priority as opposed to 30% of businesses in France and 25% in Benelux. Perhaps this is due to confusion over Brexit, but be assured, if you’re a UK business handling EU citizen data, GDPR will still apply.

Organisations found in breach of the GDPR face regulatory sanctions and reputational damage, at a minimum. The scale at which these changes are coming – and the fines that come with them – is monumental. As outlined above, large organisations could suffer a massive setback if fined 4% of their annual income, but for SMEs, the potential threat of a regulatory fine may be enough to shut them down for good.

Human error causes most data breach incidents. Something as simple as attaching the wrong document to an email may seem like a harmless mistake, but if that attachment contains information about any individual from an EU country, this will likely put your company in breach of new GDPR regulations. Therefore, it’s important to ensure that your business avoids accidental data breaches by training your employees. Make sure employees understand what they need to do to remain compliant and avoid simple mistakes.

Employees should understand the financial and reputational risks to the organisation in the event of data breaches within the organisation. One of the new aspects of GDPR will be an obligation to report data breaches within 72 hours to the Information Commissioner’s Office (ICO), as well as potentially notifying individuals who have had their data compromised.

Training has always been an important element of compliance for data protection and even more so with the GDPR, given that an important component of the new regulation is the need for organisations to provide evidence of their compliance (currently such reporting is not obligatory).  Under GDPR, employee training and the recording and monitoring of employee training will be a vital aspect of every company’s reporting obligations.

Additionally, under Article 43, the GDPR requires “the appropriate data protection training to personnel having permanent or regular access to personal data” and the ICO will assess a company’s overall commitment to data protection and the adequacy of its compliance with the GDPR. Accordingly, the quality of training and commitment for further employee development is key and it is strongly encouraged to spread the message about privacy, data protection and security across all employees in the company. In particular, all employees who have access to personal data as part of their role, should be made aware of their responsibilities under the GDPR.

Being GDPR compliant will not only save your business from GDPR fines, but will also reduce the risk of brand and reputational damage. By taking the time to prepare properly today, your business will reap the benefits in the years to come.

Ortolan People is not part of Ortolan Legal.  It’s a professional services company which provides HR support to businesses including recruitment, training and assessment services.  Ortolan People has partnered with GDPR experts to offer training in this area, including several GDPR workshops over the next few months.  These will provide your employees with an understanding of data protection rights and responsibilities in line with the new GDPR.  To register your interest in attending one of these workshops and to take advantage of discounts available on training fees through Ortolan People, please click this link to contact Ortolan People or send an email to GDPR@ortolan.com.