General Data Protection Regulations (GDPR)
A GDPR eLearning course outlining the General Data Protection Regulation (GDPR).
The course covers how GDPR is different from the Data Protection Act, what the changes mean for those who process personal data and what is required to remain compliant.
Summary Lesson 1 - Overview:
- GDPR will replace the EU Data Protection Directive 1995 and the UK Data Protection Act 1998.
- As a regulation GDPR applies directly and should reduce the level of national data protection variation across member states of the EU.
- GDPR applies to organisations based in the EU and organisations based outside the EU if they process the personal data of EU residents.
- GDPR introduces much tougher financial penalties for non-compliance with data protection.
Summary Lesson 2 - Roles and data:
- You must be familiar with the role you play so that you are aware of your responsibilities under GDPR.
- Personal data will include location data and online identifiers.
- If your primary basis for processing personal data is that you have consent, then this consent must be informed, specific and unambiguous.
- You must obtain an individual's explicit consent if you wish to process special category data.
- GDPR highlights the importance of protecting children's personal data used for online activities.
Summary Lesson 3 - Principles:
- GDPR principles determine how personal data should be processed.
- If you process personal data you must comply with these principles.
- GDPR includes a new accountability principle for data controllers and processors whereby they must be able to demonstrate their compliance.
- Privacy should be the default and incorporated into the design of systems.
Summary Lesson 4 - Individuals' rights:
- Individuals have the right to obtain information from the data controller on how and where their data is being used and for what purpose.
- The data controller must provide this information free of charge and in a commonly used electronic format.
- If rights are infringed, individuals can take legal action against data controllers and data processors.
- GDPR imposes restrictions on the transfer of personal data outside the EU.
This course is ideal for all employees who need to know about protecting data within your organisation.
- To explain the purpose of data protection.
- To define the terms and principles associated with data protection.
- To help you understand your responsibilities with regard to data protection law and ensure you comply with the law whilst carrying out your everyday duties.
How GDPR Training can help reduce your risk
The penalties for GDPR non-compliance can be very severe. The Information Commissioner's Office (ICO) has a number of options should it find an organisation to be in breach of the new act. The previous maximum fine that the ICO could levy was £500,000; the new penalties are much higher.
Breaching the new GDPR regulation could result in fines of up to €20 million or 4% of annual turnover, whichever is the higher.
By providing GDPR Training to your staff, you are ensuring that they understand the importance of GDPR to their role and to the organisation. This includes the financial and reputational risks, as well as the risk of disciplinary action if they were responsible for a data breach which harms the organisation. It is vital that staff know what to do if there is a data breach and how all data across the organisation is affected by the new Regulation.
A key point is that GDPR Training is ongoing, not just a one-off. Retrain your staff and ensure that new starters are trained to maintain awareness levels and keep GDPR on the agenda.