Exactly one year today (on 25th May 2018), the General Data Protection Regulation (GDPR) will come into force. (***see below for a special offer)
Data Controllers and Data Processors now have just 12 months to prepare for the biggest change to the EU data protection regime in 20 years. With some breaches carrying fines of up to 4% of global annual turnover or 20 million Euros, everyone has to take GDPR seriously.
For those who are still yet to start their GDPR implementation programme, the ICO’s 12 steps to take towards compliance is a good place to start. We would emphasise:
- Keeping up to date with all the guidance coming out of the ICO and the Article 29 Working Party.
- Raising awareness about GDPR at all levels. We are running a series of GDPR webinars and workshops and our team of experts is available to come to your organisation to deliver customised data protection/GDPR workshops.
- Reviewing how you address records management and information risk in your organisation.
- Reviewing compliance with the existing law as well as the six new DP Principles.
- Revising privacy polices in the light of the GDPR’s more prescriptive transparency requirements. The ICO’s new privacy notices code is a very useful document for this.
- Reviewing information security polices and procedures in the light of the GDPR’s more stringent security obligations particularly breach notification.
- Writing polices and procedures to deal with new and revised data subject rights such as Data Portability and Subject Access.
- Considering who is going to fulfill the mandatory role of Data Protection Officer. What skills do they have and what training will they need?
Our GDPR Practitioner Certificate, with an emphasis on the practical skills required to implement GDPR, is an ideal qualification for those aspiring for such positions.
The next 12 months need to be spent wisely. As well as training, Act Now can deliver GDPR health checks to assess where you are and guide you to where you need to be.
And as if there isn’t enough to do, the EU Policing and Criminal Justice Data Protection Directive which contains new rules for Data Protection for law enforcement agencies (as well as others) when processing personal data relating to crime and justice has to be implemented by 6th May 2018. Oh and a new Regulation on Privacy and Electronic Communications covering, amongst other things, direct electronic marketing will come into force on 25th May 2018.
An exciting time to be involved in privacy and data protection!
*** To mark the occasion and help you prepare for GDPR coming into force, Act Now will apply a 25% (see what we did there?) discount to all bookings for our GDPR one day workshops received today (25th May 2017).
* Please note the full booking details have to be received by us. Offer applies to new bookings only which are received today only.