Two big, well-known brands have been hit with multi-million pound fines this week over GDPR compliance, prompting organisations to take another look at their policies.
Learn more about GDPR for your business
Working with industry, public sector and legal professionals, Me Learning has developed a suite of GDPR courses, accredited by GCHQ and written by information security lawyers Clayden Law, aimed at all levels of your organisation.
So if you are unsure whether you need to take action, take a look at our quick guide:
The seven key changes of GDPR…
1. Have you appointed a Data Protection Officer?
Organisations that use people’s data need to appoint a Data Protection Officer (DPO).
2. Have you updated your contracts to reflect the changes?
If not, you need to include specific additional wording on how personal data will be stored and protected in any contracts.
3. Is Consent freely given, specific and informed?
Consent is much more stringent than under the DPA. It has to be “freely given, specific and informed”.
4. Do you have good systems in place to provide individuals with information on what personal data is collected, as well as how long it will be stored?
If not, this needs to be put in place.
5. Do you have good systems in place to allow people the Right to be forgotten?
GDPR gives people stronger rights to request that information about them is removed.
6. Are you aware of how and when to Report breaches?
In case of a serious breach where, say, personal data has been lost or disclosed without authorisation, organisations will have to inform the Information Commissioner’s Office (ICO) within 72 hours.
7. Are you aware of quite how high the Sanctions are?
The maximum penalties for non-compliance have now increased from £500,000 to up to four per cent of an organisation’s global turnover.
Does your organisation cover all these points?
If your answer is NO to any of these 7 points, check out our courses to see what can be done to fix it.