Delve Into GDPR - Questions & Answers

Interview with the GDPR Advisory Board – a team of GDPR experts providing straightforward advice and help for those with queries about this new legislation. For more details visit www.gdpr-board.co.uk
 
How will GDPR affect data that businesses keep on employees?
Answer provided by Piers Clayden, founder of data privacy legal specialists, Clayden Law and a member of the GDPR Advisory Board 
“The GDPR will put greater obligations on employers on how they use their employees’ personal data and how they look after it. 
Employers will have a greater obligation to be transparent about how they use their employees’ personal data. They will be required to issue a new “information notice” to their employees which will need to detail, amongst other things, what kind of personal data they hold, what legal grounds they use it for, and inform employees about their new enhanced rights under the GDPR.
These new rights include the “erasure” right (right to be forgotten), amended subject access rights and the right to appeal any decision based on automated decision-making.
Employers will also have a greater obligation to be accountable about how they use personal data, and be able to demonstrate their compliance – in short this means a much greater record-keeping obligation and ensuring that staff are properly trained in their responsibilities under the GDPR.” 
 
Do you expect most businesses to be compliant in time for implementation or is there going to be a problem? 
Answer provided by Piers Clayden, legal expert at the GDPR Advisory Board
“Because of the lack of clarity in some of the drafting of the GDPR, and the slow release by the regulators of any useful guidance, it is going to be very difficult for businesses of any great complexity to say they are 100% GDPR compliant by 25 May 2018. But it is important that they nevertheless try to move towards compliance as quickly as possible – we suggest taking a risk-based approach and prioritising those areas where the business faces the greatest exposure or liability.”
 
What are the top 5 things to get right under GDPR?
Answer provided by Piers Clayden, legal expert at the GDPR Advisory Board
• demonstrating that they are taking data protection seriously – up-to-date policies, record keeping and staff training are all important elements of this
• ensuring that the public-facing information notice reflects the reality of how the business actually does use and treat personal data behind the scenes
• ensuring that the business has proper organisational and technical measures and policies in place to keep personal data safe and secure – having a robust information security policy which is actually adhered to throughout the business is part of this
• making sure that if the business were to suffer a security breach (i.e. in short where personal data was accessed outside of the organisation without authorisation) you would be able to report this to the regulator (the Information Commissioner’s Office) within 72 hours of becoming aware of this breach
• making sure that, where personal data is processed on your behalf by an external organisation, you have contracts in place that meet the requirements of the GDPR
Failure to comply with the GDPR could expose the business to fines (potentially up to 4% of annual turnover or €20m, whichever is higher), claims for damages from individuals, but perhaps more damagingly, loss of reputation.
 
How will GDPR affect all the different types of marketing, such as email marketing and loyalty cards/schemes?
Answer provided by CIM (Chartered Institute of Marketing), who has worked in association with Me Learning to launch a tailored GDPR online course for marketers – GDPR for the Marketer. More details can be found at www.melearning.co.uk/gdpr . Nick Richards, CEO at Me Learning is a member of the GDPR Advisory Board 
“GDPR has an impact on a wide range of marketing activities including how data is used, how customers are contacted and how data is held – which in turn affects email marketing, loyalty schemes and general marketing activities. With potential fines for non-compliance amounting to €20 million (or 4% of a business’s global annual turnover), GDPR needs to be taken seriously and embraced by all organisations quickly and with diligence. It’s not all doom and gloom, marketers in particular should see the positive side of the new legislation, which provides a once-in-a-generation opportunity to wipe the slate clean and radically overhaul the way customer data is collected and used.
 
Now is the ideal time for marketers to persuade their organisation’s financial team to invest in new data analytics tools – perhaps even those with predictive analysis and artificial intelligence (AI). By populating these tools with only the most important, useful and legally compliant data, organisations will be able to operate in a far smarter manner – securing higher response rates for email marketing and driving closer relationships with customers in loyalty schemes.
 
Data rationalisation should mean an end to customers getting multiple email mailshots because they appear more than once on a database (or are duplicated across legacy databases). Furthermore, having a single, consolidated view of the customer should also facilitate more informed responses when that customer engages with a call centre or other service point.
 
It’s worth remembering when looking to deploy an email marketing campaign that after May businesses will no longer be able to include a pre-ticked box, which the customer must untick in order to opt out of consent. Instead, the customer must actively choose to opt in, giving their consent freely and of their own accord, without coercion, undue incentives or penalties. As such, gaining this GDPR-compliant consent should be among your organisation’s top priorities in the run-up to the legislation’s launch.”
 
Why is training relevant?
Answer provided by Nick Richards, training expert for the GDPR Advisory Board and CEO of Me Learning
Training is important when it comes to GDPR. In many cases GDPR requires a cultural shift in organisations that ensures personal data is handled appropriately – and this is just as important for the marketing team as it is for the receptionist. Training enables this transition to take place across the company – and if you are questioned over GDPR compliance, proving that training has taken place is a very good step to show intent for compliance and might help avoid unwanted fines.
 
What training should businesses consider?
There are many classroom courses available for GDPR, but these can be costly and limiting. E-learning provides a cost-effective solution to train a large number of the workforce in a consistent manner (good for new starters) without taking employees out of the office to do so. Me Learning has teamed up with legal experts at Clayden Law to produce a range of easy-to-understand and legally compliant GDPR e-learning. To find out more visit www.melearning.co.uk
 

For more details visit www.gdpr-board.co.uk
