GDPR Compliance – is Your Workforce Ready?

February 13, 2018

Coming on 25th May 2018, the EU’s General Data Protection Regulation (GDPR) brings the most significant change to data privacy for all EU citizens in the last two decades. It has a global impact no matter where your organization is located, as it affects any business that deals with the personal data of EU citizens.

But do you know?

As per the recent study conducted by FOSWAY –

  • 24% of organizations are not prepared for the GDPR
  • 42% of organizations are still preparing
  • While only 6% of L&D organizations are currently prepared for the new regulation.

Isn’t this alarming? Yes, because the GDPR imposes a wide range of compliance obligations on businesses operating inside and outside the EU.

The GDPR aims to safeguard the personal data of all EU residents and protect them from data breaches in today’s data-driven world. It will create new rights for individuals and new enforcement obligations for organizations. The regulation is pivotal for businesses as it will change the way they approach data protection, information security, and governance. Although the key principles of data protection remain true to the existing directive, the GDPR has introduced some radical changes in the way organizations are required to use and manage personal data.

So, what are the key changes introduced by the GDPR?

Valid Consent:

The GDPR compels organizations to obtain affirmative consent from individuals to process their data. Silence and pre-ticked boxes are not sufficient to constitute consent.

Individual rights:

With the aim of giving citizens more freedom and control over their personal data, the GDPR provides new individual rights in addition to the existing rights. The GDPR introduces well-defined processes for individuals to exercise these rights.

Accountability:

The legal authority for processing personal data remains with the Data Controller. However, the GDPR expands significantly upon the processors’ responsibilities for handling personal data. Moreover, Data Processors are far more liable in case of non-compliance.

Breach Notification:

The GDPR sets new standards for data breach reporting. Under the GDPR, it will be obligatory for all organizations to notify the relevant supervisory authority of a personal data breach within a set timeline and, in certain situations, to notify the individuals as well.

Higher Sanctions:

And why is all this important? The risks of non-compliance with the GDPR are huge, with fines potentially totaling 20 million euros or 4% of annual worldwide revenue, whichever is higher. This is a far tougher scale of penalty than has ever been applied previously.

As the countdown to enforcement begins, it’s important to ensure that your organisation is well prepared to face this transformational change. Acting now and putting in place the right mechanisms and processes is crucial to achieving GDPR compliance. The path to GDPR compliance might seem complex, but it can be achieved if organizations train their employees about the regulation and its implications.

The task of training the entire workforce on GDPR according to the accountability of their roles, within the stipulated time, might seem overwhelming! But it is achievable with the right learning strategy.

A microlearning approach is best suited for this training need, as it helps you structure the entire training in small, digestible learning nuggets easily understood by the target audience. As a Training Manager, you can push the awareness-building modules to all employees and the detailed modules to those with specific accountability under the GDPR. From the employees’ perspective, they can build knowledge about the GDPR and how it impacts them by taking small modules one at a time.

Newgen offers a ready-to-use set of five bite-sized GDPR modules that translate to a complete training solution. The capsule format is designed so that the modules can be accessed on any device and at any time. Moreover, the microlearning approach of this training ensures that the modules can be prescribed as per the employee’s role and area of accountability in the GDPR.

Each module provides a quick overview of key points that make it easy to grasp the regulation and its potential wide-ranging impact. Where required, the content can also be customized to include your organisation’s GDPR-specific details. The training helps you create organisation-wide awareness of the GDPR and provide the necessary knowledge about the regulation.

Given the stringent nature of this regulation, it is critical that each employee is GDPR ready!

To make sure you and your organization are fully GDPR-compliant, contact us to find out more about our GDPR learning solution offering!