Training GDPR Archives
The General Data Protection Regulation is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs. In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task. 200+ pages of the GDPR summarized into 1 page! Download it for free here. This one-page visual summary of GDPR will help you and your workforce understand many of the key elements associated with this law, including Territorial Scope, Lawful Processing, Rights of Data Subjects, Enforcement and more. I created a new highly interactive version of the GDPR Whiteboard – a computer-based module that can readily be used on internal websites to raise awareness and teach basic information about GDPR. It can also be used in a learning management system. The GDPR Interactive Whiteboard adds a new level of engagement to the analog GDPR Whiteboard. A Guide to GDPR Training will answer many of your questions about implementing workforce privacy awareness training. The GDPR mandates that all staff “involved in the processing operations” receive privacy awareness training. Basic privacy awareness training for your general workforce. Advanced training for personnel who need more detailed knowledge of GDPR. Role-based training specific to an individual’s job function. I have several training courses to help organizations meet the GDPR requirements, such as the ones below plus courses on Privacy by Design, vendor management, risk and trust, and other important privacy topics. GDPR. This course provides an overview of the GDPR. It also explains the importance of GDPR compliance and the severe penalties that may be imposed for non-compliance. This course can also be offered in conjunction with other courses in our series – Privacy Shield and European Union Privacy Law. Why is privacy important? What is personal data? How do we protect privacy?
Please check out our humorous 1-minute video vignette about the GDPR.
Vanderbilt’s answer to the new GDPR
This enters into force on May 25, 2018, and every company operating in one or more of the 28 EU member countries must abide by this regulation. This will have a big impact on how companies handle personal data. Vanderbilt operates in the majority of the EU’s 28 countries and processes all data in private and public cloud suppliers in the EU and USA. Therefore, GDPR compliance is an important issue for us. Since the beginning of 2017, Vanderbilt has initiated several activities to comply with this new adjustment. As the EU regulation highly depends on the old German Data Protection regulation, we enlarged our already existing protection processes in Germany, and began to roll these out to our offices in other European countries. Until May 2018, their main task is to develop and implement a data protection concept. This includes obtaining general agreements with all our external suppliers to obligate them to store the relevant data and to operate according to the GDPR. Part of our agreement with suppliers is to get a list of third countries that might store our data. Mostly, we are using our GDPR-compliant agreement for the commissioned data processing. If a supplier proposes their own agreement, we carefully check the content to ensure that all GDPR requirements are reflected. A special area of focus is Software-as-a-Service products such as Vanderbilt’s ACT365 and SPC Connect. These solutions must also comply with the new regulation. As we operate and store personal data from our customers, we emphasize the security and encryption of the processed data, the storage time of data, and the design of the privacy and data protection. The actual GDPR will not be the final version as there are further needs yet to be addressed. The new obligation to inform the authorities about data privacy or security violations is on the right track, but it is not clear when an incident must be reported.
Happily, in the last broad cyberattack, WannaCry, Vanderbilt and our selected providers could not report any violation of our data usage.
New ‘Getting Ready for the GDPR’ Guide Mason Hayes Curran
While the GDPR builds on familiar concepts and rules, it also brings about many changes. To help prepare for these changes, we have launched our “Getting Ready for the GDPR” Guide. The Guide will serve as a helpful resource for those looking to get to grips with the GDPR in the coming months. The GDPR expands the territorial scope of EU data protection law, meaning a greater number of organisations will now be subject to it. The Guide explores the broad scope of the GDPR and explains which businesses could be caught by its wide net. Given the degree of work that many organisations will need to do to get ready for the GDPR, it’s important to understand, from an early stage, whether the GDPR applies to your organisation. Once the GDPR becomes law, the majority of its provisions will immediately apply. This means that organisations cannot wait to remediate issues or implement changes after 25 May 2018. Each of these issues is likely to be relevant to the majority of organisations to which the GDPR applies. While the GDPR builds on many familiar rules, it also introduces a number of significant changes and new legal concepts. The Guide explores a variety of these changes, including increased obligations around consent, greater transparency requirements for privacy notices, new security rules and breach reporting obligations, a revamped regime for enforcement, remedies and liability, and the introduction of the principles of privacy by design and default. One of the most notable and newsworthy changes is the introduction of the ability for regulators to levy significant fines in cases of non-compliance. Finally, the Guide explores certain roles and sectors and the relevance and impact of the GDPR in each context. In particular, the Guide provides an insight into how the GDPR will affect public sector organisations and HR managers.
The Guide also analyses the impact for contracting, given the increased obligations for data processing agreements, and responsibilities around compliance and risk management, arising from the accountability principle.