Your GDPR compliance is in the hands of your employees. You can invest time and money in updating your data protection policy and strengthening your information security processes, but if your staff don’t know about the GDPR and what their role in your organization’s GDPR compliance is, you are leaving yourself wide open to the possibility of a data breach, and with that, massive GDPR fines.
Providing GDPR awareness training is therefore crucial to your ongoing GDPR compliance management. Check out this short information video by VigiTrust as an example of GDPR eLearning.
Did you find this GDPR Awareness Training video useful? The video is taken from VigiTrust's eLearning suite, which is a key part of the VigiOne GRC solution.
VigiTrust’s library of InfoSecurity and Data Protection Awareness eLearning and Interactive Media, covering key topics such as GDPR, PCI DSS, cyber security, data protection and relevant regulations, is continuously updated.
VigiTrust works with you to ensure maximum relevance, customization and personalization of any modules to include scenarios from your industry, your company’s vocabulary, and much more!
Video transcript for 'GDPR Awareness Training Video'
GDPR, General Data Protection Regulation
In April 2016, the European Union (EU) Parliament adopted the General Data Protection Regulation (GDPR) for enforcement in 2018.
It is a new set of legal requirements designed to protect individual privacy rights, together with new standards for information security.
What is the GDPR?
“The EU GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy […]”
With its introduction, protecting privacy rights and ensuring the security of personal data are now the responsibility of any individual or organization that collects, processes, exchanges or stores personal information.
The GDPR came into effect on May 25, 2018.
Any organization subject to the GDPR must comply with the regulation as of this date, or be subject to the penalties.
To whom does the GDPR apply?
The GDPR applies to organizations of any size in any field that collect, process, exchange or store personal data on citizens of the EU.
Personal data includes, for example: biometric identifiers, medical records, financial records, sales records, IP addresses, email addresses, social media posts, customer surveys and employee information.
Penalties for non-compliance
Breaching the GDPR can lead to fines ranging from €10 million or 2% of gross turnover (whichever is greater) to €20 million or 4% of gross turnover (whichever is greater).
Further, under GDPR provisions, any person or organization can file a lawsuit against an organization that is in breach of the GDPR.
Key Provisions of the GDPR
1. You must demonstrate that you are in compliance with the GDPR.
Privacy and security features must be built into your products or services.
2. You must take both “organizational measures” and “technical measures”.
You must ensure that data are protected from theft, loss, tampering and unauthorized processing.
3. You must track and record how the data is processed.
You must notify the supervisory authorities and the individuals affected in case of a data breach.
New Individual Rights
The right to access your personal data that has been processed
The right to have any of your incorrect personal data rectified
The right to have your personal information permanently deleted
The right to deny access to your personal information for direct marketing
The right to data portability, i.e. the right to request transfer of your personal data from one environment to another
Measures to help ensure GDPR Compliance
- Make sure the personal data you collect is accurate and can be edited or erased
- Be able to justify the lawful basis for your personal data collection or transmission
- Limit access to any personal data
- Use the most sophisticated encryption technologies available
- Archive only the personal data you need and only as long as necessary
- Keep to an absolute minimum the data you collect
- Keep meticulous records of personal data that you collect
- Use file exchange technologies
- Hire a DPO if you are a public authority or in “large scale systemic monitoring”
- If data is stored in the cloud, ensure that the cloud provider has an ISMS (information security management system)
Contact Us!
The best way for companies to start their assessment in order to comply with the regulation is to ask themselves what they actually know about their data:
- What type of data do we control/process?
- Where is our data stored?
- Who is accessing it, and why?
For further information, go to: Vigitrust.com