This article was published on August 11th, 2017
There is no denying that data breaches are becoming ever more commonplace in today’s society. Cyber-attacks that result in data breaches for some of the largest organisations in the world dominate the headlines, with hacking groups competing to claim the biggest victim.
However, many data breaches occur as a result of a simple error that could easily be avoided. A data breach can occur because an employee does something they shouldn’t, or it may simply be a case of human error. Examples include sending information to the wrong email address, an unencrypted USB stick getting lost in the post, or paper files not being stored correctly in the office.
Whilst data breaches to date have been a major cause for concern for both organisations and their clients or partners, the imminent introduction of the General Data Protection Regulation (GDPR) will make it imperative that staff not only understand what the GDPR is, but also what non-compliance would mean for the business or organisation.
The GDPR requires that companies show evidence of their compliance, and in the event of a breach, the company could face a series of penalties including fines of up to £20 million or 4% of their global turnover (whichever value is higher).
This makes correct training for all staff handling data essential.
We’ve put together our top tips to ensure you and your staff are GDPR ready.
Whilst the GDPR is set to come into force in May 2018, the time to start training is now. In many cases, there will be a lot of work to be done by a company’s senior management team as well as the Data Protection Officer before the company will be able to comply with the GDPR. Urgency is also key as there has been no indication that there will be a grace period for any company found to be non-compliant in May 2018. Therefore it is vital that you and your business are fully prepared come next year.
It sounds simple enough, but both you and your staff must fully understand the GDPR in order to adhere to its rules. Things to consider include: are your staff aware of how damaging a breach of the GDPR could be for the financial position and reputation of the company? Do they understand the purpose of the GDPR?
Once they are aware of the risks involved, as well as the rationale behind the Regulation, they can start to appreciate the significance of data protection laws and why they must adhere to certain company policies.
The training you and your employees undertake should be relevant and specific to your business. This will allow your employees to relate the new policies and procedures to their day-to-day roles. Training activities can cover encrypting data in emails, changing passwords on a regular basis, destroying confidential waste, and keeping paper files secure when the office is empty.
Your employees are on the front line when it comes to data breaches, so it is vital that they are fully aware of how to spot a data breach, as well as how to report possible red flag situations.
One of the main obligations that the GDPR will introduce is that data breaches must be reported to the Information Commissioner’s Office within 72 hours of the breach occurring. Companies must also notify any individuals or customers who may have been affected within the same time frame. A clear policy should be put in place surrounding data breaches before May 2018 so that employees can report them in a timely and effective manner.
Online training is a viable option and should get most people ready for the GDPR. But is ‘should’ good enough when you could be fined £20 million? By providing face-to-face training with an expert, you are giving your staff a reliable and personable outlet to learn from. Face-to-face training allows your employees to ask pertinent questions that online tutorials simply don’t cater for, making it more likely that your staff will fully understand the new Regulation.
May 2018 arrives, and your organisation is fully prepared for the GDPR as it comes into force. You think your job is done and that your GDPR worries are a thing of the past. Wrong!
A key strategy for every business going forward should be the continuation of training, even after the introduction of the new Regulation. New employees should be trained on GDPR issues as part of their induction before they are allowed to access company and customer data.
Refresher training for employees who have already been trained should also remain a priority, so that everyone is kept up to date with any changes or developments surrounding the GDPR and with any changes to company policy where data protection is concerned.
We hope you find these top tips helpful, and that you are fully prepared come May 2018. If you would like any further information about the GDPR, please get in touch.
At Thorneycroft Solicitors we aim to build long-term working relationships with our clients, in order to understand their specific requirements and long-term vision.
By providing competitive rates, flexible fee structures and high-quality, innovative advice, we bring added value to our clients’ businesses and help them to maximise every opportunity.
We are sure that you will find our team both friendly and approachable. Each of our solicitors is an expert in their own area of law, ensuring that you receive up-to-date professional advice and information.
For further details, or if you are interested in a consultation that may help protect your business, please contact a member of our team for free by calling 0800 1979 345 or by completing our online enquiry form.