Governance, Risk Management, Compliance

GDPR Awareness Training | Video

Posted by Mathieu Gorge on Aug 1, 2018 5:09:58 PM

Your GDPR compliance is in the hands of your employees. You can invest time and money into updating your data protection policy and strengthening your information security processes. But if your staff don’t know about GDPR, and what their role in your organization’s GDPR compliance is, you’re leaving yourself wide open to the possibility of a data breach - and with that, massive GDPR fines.

 

Providing GDPR awareness training is therefore crucial to your ongoing GDPR compliance management. Check out this short informational video by VigiTrust as an example of GDPR eLearning.

Did you find this GDPR Awareness Training video useful? The video is taken from VigiTrust's eLearning suite, which is a key part of the VigiOne GRC solution.


VigiTrust’s library of information security and data protection awareness eLearning and interactive media on key topics such as GDPR, PCI DSS, cyber security, data protection and relevant regulations is continuously updated.

VigiTrust works with you to ensure maximum relevance, customization and personalization of any module, including scenarios from your industry, your company’s vocabulary, and much more!

 

Request Your Free VigiOne Demo

Video transcript for 'GDPR Awareness Training Video'

 

GDPR, General Data Protection Regulation

In April 2016, the European Union (EU) Parliament adopted the General Data Protection Regulation (GDPR), with enforcement beginning in 2018.

It is a new set of legal requirements designed to protect individual privacy rights, and it sets new standards for information security.

 

What is the GDPR?

“The EU GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy […]”

With its introduction, protecting privacy rights and ensuring the security of personal data are now the responsibility of any individual or organization that collects, processes, exchanges or stores personal information.

 

The GDPR came into effect on May 25, 2018.

Any organization subject to the GDPR must comply with the regulation as of this date, or be subject to the penalties.

To whom does the GDPR apply?

The GDPR applies to organizations of any size in any field that collect, process, exchange or store personal data on citizens of the EU.

Personal data includes: biometric identifiers, medical records, financial records, sales records, IP addresses, email addresses, social media posts, customer surveys and employee information.

Penalties for non-compliance

Breaching the GDPR can lead to fines ranging from €10 million or 2% of gross turnover (whichever is greater) up to €20 million or 4% of gross turnover (whichever is greater).

Further, under GDPR provisions, any person or organization can file a lawsuit against an organization that is in breach of the GDPR.

Key Provisions of the GDPR

1. You must demonstrate that you are in compliance with the GDPR.

Privacy and security features must be built into your products or services.

2. You must take both “organizational measures” and “technical measures”.

You must ensure that data are protected from theft, loss, tampering and unauthorized processing.

3. You must track and record how the data is processed.

You must notify the supervisory authorities and the individuals affected in case of a data breach.



New Individual Rights

  • The right to access your personal data that has been processed
  • The right to have any of your incorrect personal data rectified
  • The right to have your personal information permanently deleted
  • The right to deny access to your personal information for direct marketing
  • The right to data portability, i.e. the right to request transfer of your personal data from one environment to another



Measures to help ensure GDPR Compliance

  • Make sure the personal data you collect is accurate and can be edited or erased
  • Be able to justify the legitimacy of your personal data collection or transmission
  • Limit access to any personal data
  • Use the most sophisticated encryption technologies available
  • Archive only the personal data you need, and only for as long as necessary
  • Keep the data you collect to an absolute minimum
  • Keep meticulous records of the personal data that you collect
  • Use secure file exchange technologies
  • Appoint a Data Protection Officer (DPO) if you are a public authority or engaged in “large-scale systematic monitoring”
  • If data is stored in the cloud, ensure that the cloud provider has an information security management system (ISMS)

 

Contact Us!

The best way for companies to start their assessment in order to comply with the regulation is to examine their own awareness of their data:

  • What type of data do we control/process?
  • Where is our data stored?
  • Who is accessing it, and why?

For further information, go to: Vigitrust.com

Topics: GDPR

VigiOne:

One GRC Solution, One Platform, Multiple Regulations & Standards 

Now you can get VigiTrust's award-winning products in one straightforward GRC suite. VigiOne helps you: 

  • Prepare
  • Validate
  • Comply

Across multiple regulations and standards, including:

  • PCI DSS
  • GDPR
  • HIPAA
  • ISO 27001

 
