There’s no doubt we are well into the information age. Today, most organizations are operating entirely paperless corporate training and recordkeeping systems with private and confidential information now being processed and stored electronically. This unavoidable result of technological evolution means that data security is a primary concern for businesses and the people they service.
Government authorities have had to move swiftly to match this rapid pace of change. The European Union (EU) General Data Protection Regulation (GDPR) is the most significant change to data privacy regulation in 20 years, with noncompliance set to result in harsh financial penalties.
Is your organization ready for GDPR regulation changes?
What is GDPR?
GDPR is a regulation that aims to protect all EU citizens from privacy and data breaches. An initial directive was implemented in 1995; however, the need to update the policy has been driven by the increasing amount of data that organizations handle every day.
GDPR was approved by the EU Parliament on April 14, 2016 and will be implemented over a two-year transition period up to the final enforcement date of May 25, 2018, after which noncompliant organizations will face heavy fines.
Who will GDPR impact?
GDPR not only applies to organizations located within the EU; it applies to all organizations that process or store personal data of data subjects living in the EU. If your organization is located outside the EU but offers goods or services to, or monitors the behavior of, EU data subjects, it must now comply with GDPR regulatory policies. Importantly, GDPR impacts both controllers and processors of data, including cloud service providers.
What are the key changes?
The key data privacy principles of the 1995 directive have been retained; however, the substantial changes below will impact the regulatory policies.
1. Increased Territorial Scope (Extraterritorial Applicability)
The biggest change is the territorial scope of jurisdiction. GDPR now applies to all organizations processing personal data of EU data subjects, regardless of where the business is located, where the data processing takes place, and whether payment is received. Organizations outside the EU that process the data of EU citizens must now appoint a representative within the EU.
The consequences of noncompliance are serious. An organization in breach of GDPR can receive a fine of up to 20 million euros or 4 percent of annual global turnover, whichever is greater. Penalties are determined using a tiered approach depending on the severity of the infringement.
Under GDPR, the intention of data use must be clear and easily understood by data subjects. Consent for data must be given through an accessible form using plain language with the purpose of use attached. Data subjects should also be able to easily withdraw their consent.
GDPR provides data subjects with these rights:
- Breach Notification
- Right to Access
- Right to Be Forgotten
- Data Portability
- Privacy by Design
- Data Protection Officers
What do you need to do?
As an organization building a skilled workforce through corporate training, you need to understand GDPR and ensure compliance by the enforcement date. Failing to do so could have a devastating impact on your business operations.
PulseLearning takes data protection seriously. By collaborating with us for your online or blended corporate training needs, you can have peace of mind that we understand and can support your organization in preparing for the implementation of GDPR. We understand the importance of undertaking due diligence now to ensure you are covered later.