How do you ensure GDPR compliance for telephone interviews conducted for the purpose of market research? If you’re a market research company, or indeed conducting market research directly, you’ll be keen to ensure that data processing is in line with the EU’s General Data Protection Regulation.
Your GDPR compliance is in the hands of your employees. You can invest time and money into updating your data protection policy and strengthening your information security processes. But if your staff don’t know about GDPR, and what their role in your organization’s GDPR compliance is, you’re leaving yourself wide open to the possibility of a data breach - and with that, massive GDPR fines.
Providing GDPR awareness training is therefore crucial to your on-going GDPR compliance management. Check out this short information video by VigiTrust as an example of GDPR eLearning.
GDPR is not all about consent. It looks like a lot of organisations are only concentrating on consent or are seeking consent on a “just in case” basis. If this is how your company is approaching GDPR compliance, then be warned that this may well create problems for you at a later stage.
Staff training is a requirement of GDPR compliance. Rightly so, because human error is the leading cause of data breaches. Rather than just viewing training as a checkbox to tick for GDPR compliance it ought to be at the forefront of your organization’s data protection plans. Make human resources the metal strength of your GDPR compliance policy and not the weakest link in the chain.
So, who in your organization needs GDPR awareness training?
The General Data Protection Regulation (GDPR) deadline of 25 May 2018 is fast approaching. Like many others, you’re probably feeling anxious about your organizations’ GDPR compliance. GDPR brings about a far trickier regulatory environment and the fines for non-compliance with GDPR are hefty to say the least.
However, if your organisation controls and stores cardholder data then in my opinion you can breathe a small sigh of relief. The reason is that your organization is already required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which has got a lot in common with the GDPR.