What the ICO says –
“You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.”
What does this mean for your organisation –
As a certain toothy-grinned politician once said… Education, Education, Education.
You need to ensure that everyone, from Board level down to the newest apprentice, is aware of what is expected of them when it comes to data protection. I’m sure you would agree that all people in your organisation are key people; if they handle personal data then they certainly are.
Be aware that it is now the directors of a business that are ultimately accountable for data breaches and the ICO will take a dim view if you haven’t put in place all reasonable technical and organisational controls to reduce the risk of a data breach.
At BMGUK Consultancy Ltd, as a UKCC L2 Coach, I am well versed in delivering educational presentations to all levels within a business.
At board level, the educational awareness needs to be aimed at understanding the business risks involved with GDPR, along with all the responsibilities for information handling. This then trickles down to education programmes for lower-level staff so that they are fully aware of their responsibilities when dealing with personal data.
Think on, data breaches come in many guises, not just high-profile cyber-attacks. A staff member discussing sensitive information in earshot of someone who shouldn’t have access to that information is a data breach. How severe the breach is depends on several things, including the damage it could cause to the rights and freedoms of a data subject.
Get in touch and together we can get that awareness culture into your organisation.
The 12 Days of GDPR snippets are not designed as a guide to make your organisation GDPR compliant; they are just to whet your appetite and get you started. BMGUK Consultancy Ltd has one of the few certified EU GDPR Practitioners in the UK, so get in touch and I can assist your organisation to become GDPR compliant.
What is the GDPR? – It is the new evolution of data protection across the EU. On May 25th, 2018, the General Data Protection Regulation becomes enforceable, so if your organisation processes personally identifiable information of any EU resident then you need to be prepared for the GDPR, otherwise your organisation could face significant penalties.
From the largest multinational down to the smallest of sports clubs anywhere in the world, if your organisation offers goods or services, even free ones, to EU residents then it is highly likely that your organisation will be required to comply with the GDPR.
Whether your organisation is based in the UK or overseas, get in touch with BMGUK Consultancy Ltd for all your GDPR needs.