Anyone who spends any time looking at HR-related social media will have noticed the dominance of the General Data Protection Regulation (GDPR) in posts over recent weeks. It is as if the whole HR profession ignored something that was announced two years ago, and as the compliance deadline draws closer there has been something like mass panic.
According to research conducted by the Cybersecurity and Information Resilience division of the British Standards Institute (BSI), the implementation of GDPR will affect 97 per cent of businesses, yet the same research found that just 5 per cent of businesses claim they will be compliant with the regulation when it comes into force on 25th May 2018.
Not being compliant with the stricter data protection rules that GDPR will impose could be an expensive mistake. With the supervisory authorities suspected to be keen to find companies to use as an example to encourage greater compliance, we can expect to see them imposing fines of up to the maximum of 20 million euros or 4 per cent of an organisation’s annual global turnover.
When there is a big data security problem at a big organisation it makes the TV news bulletins and the front pages of the tabloids. We do not hear about the smaller businesses affected by the same sort of incidents, yet 20 per cent of businesses have had a data-compromising incident in the past 12 months. The problem is bigger than you would think, and it is getting more difficult to comply. The Data Protection Commissioner reported 2,795 valid data security breaches in 2017, an increase of 26 per cent from 2016.
You can have every organisational system and process in place that it is possible to create, but the weakest link in your data protection is your employees. Over half of the organisations surveyed by the BSI highlighted their concern about the role of their employees in GDPR compliance.
It is a weak link that is relatively easy to secure, yet over 50 per cent of organisations do not provide data protection training to employees.
You need a member of the senior management team who leads every activity related to data protection, but only 20 per cent of organisations take this relatively simple step, one that could create a strategic approach to data protection, get things done and save a lot of money.
This senior manager will need resources to achieve compliance: people, time and money. Yet 64 per cent of businesses expect employees to achieve compliance while also completing all of their other work.
Data protection is as important as physical security. Just as you have someone in the organisation who holds the key to the front door and knows the burglar alarm code, you are going to need someone who is responsible for ensuring that the data the organisation holds is secure: a data protection officer (DPO). This is an ongoing responsibility, but 63 per cent of organisations have not allocated this role to anyone. Of the organisations that have a nominated DPO, only 27 per cent have trained that person.
It seems that many organisations are only scratching the surface when it comes to the wider implications of GDPR. A Privacy Impact Assessment (PIA) is a risk-based assessment used to ensure that the rights and freedoms of individuals are protected when an organisation processes any of their data, and it is a key additional requirement of GDPR. Alarmingly, the research revealed that more than 40 per cent of the organisations surveyed were not aware that PIAs will be a mandatory requirement, and only 12 per cent claimed to have a good knowledge of them.
There is a lot of talk surrounding the GDPR, but with just days to go until implementation day, this BSI research shows that organisations are still unprepared and do not fully understand what is required of them. With the right sort of training, becoming GDPR ready is less complicated, less expensive and less daunting than many businesses think.
Data processing is an issue for everyone, and awareness levels are increasing – the recently published Data Protection Commissioner annual report highlighted that complaints had increased by 79 per cent compared with 2016. The figure is anticipated to be even higher in 2017.
It is important to remember that the new General Data Protection Regulation was set up to benefit everyone, and having the right systems in place is not only good practice but will also ensure that organisations build trust and transparency with their customers and minimise privacy and security risks for the future.
You can find more information about GDPR training at the Work Place Learning Centre.