GDPR Compliance Roadmap
The GDPR is one of the most detailed regulations, with rules covering every aspect of data processing.
To comply, you need to ensure that your staff are aware of your legal basis for data processing, the rights of your data subjects (including access requests), your technical security measures, and so on.
Proper consent for data collection must be obtained if that is your legal basis. Data Subject Access Requests must be dealt with promptly and personal data retained no longer than necessary.
You may have implemented some one-off measures such as preparing the policies and training your staff. However, to fully comply and protect your company against costly breaches, you should consider a comprehensive set of ongoing measures to prepare and support your employees.
In the UK, the Information Commissioner's Office (ICO) has provided checklists for data controllers and processors that should be the basis for your GDPR compliance roadmap. In general, you should consider the following steps to maintain your GDPR readiness:
- Step 1: Prepare data protection policies and procedures and ensure they are communicated to and attested to by employees and relevant sub-processors.
- Step 2: Train your employees on the GDPR rules and how they apply to your company and their roles.
- Step 3: Keep records of data processing activities for GDPR Article 30 compliance.
- Step 4: Offer an easily accessible breach register for your staff to report any actual or suspected breaches or near misses.
- Step 5: Obtain compliance declarations from your third-party sub-processors to ensure that your supply chain is aligned with your internal data protection standards.
- Step 6: Conduct anonymous staff surveys to uncover deficiencies in your internal controls and external threats to continuously improve your data protection policies and procedures.
Policy Attestations
Compliance with the GDPR and the DPA starts with good corporate policies covering all aspects of data processing and information security - everything from data collection and retention periods to access control and the use of passwords.
But the policies don't work unless you ensure that they are communicated to all staff, and to new hires promptly after they join your company. Ideally, you should ask all affected employees to affirm that they understand and agree to abide by these policies and the associated systems and procedures.
With Skillcast's online Policy Hub, your employees can regularly review and attest to all the relevant policies in a timely and efficient manner, and you can evidence this to regulators and authorities when required.
GDPR Training
Adopting the policies is the first step, but effectively communicating them to your employees secures the required behavioural change.
Your staff need to understand your rules for processing and protecting personal data.
Skillcast offers a range of data protection courses to educate your staff and experts.
Data Breach Registers
Your company must report certain personal data breaches to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. You must also record every personal data breach, regardless of whether its severity warrants notifying the ICO.
GDPR breach fines from the ICO can reach up to £8 million or 2% of global turnover if the breach is not reported within the allowable time.
Organisations must have a robust breach-reporting process to detect and notify breaches on time and provide necessary details.
With a Skillcast Compliance Register, you can run this workflow efficiently and analyse the data over time to ensure compliance with the requirements of the GDPR.
Third-party Due Diligence
You may need third parties to complete disclosures or declarations regarding compliance with the GDPR and DPA.
Using email or paper-based processes is slow and inefficient, and creates unnecessary duplication.
Using the Skillcast online Compliance Declarations will help you to streamline the collection, analysis and management of due diligence for associated persons outside your organisation.
Staff Surveys
Your employees and managers are your first line of defence against data breaches, and their knowledge about the effectiveness of your data protection and compliance procedures is crucial.
Conducting periodic staff surveys can tell you much about your data protection risks and deficiencies in training, procedures, record-keeping and any lack of clear policies and procedures. To maximise the utility of such surveys, you need to make them anonymous so that your employees can speak freely about sensitive topics.
The Skillcast Compliance Survey Tool can help you conduct robust, anonymous staff surveys that ensure the widest coverage and enable employees to give feedback to you in confidence.
Free GDPR Resources
We have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules.
GDPR Training Presentation
Ensure your staff know everything they need to about GDPR with this free, customisable training presentation.
GDPR Self-assessment Questionnaire
Benchmark your existing processes and identify any missing GDPR procedures and controls with our questionnaire.
GDPR Personal Data Awareness Aid
Help your staff fully understand what constitutes personal data and how to protect it with our poster.
GDPR Fundamental Rights Awareness Aid
Highlight the fundamental rights covered by GDPR to your employees with some key statistics.
Data Protection Training Presentation
Our training presentation covers everything your staff need to know about data protection to help ensure minimal breach occurrences and avoid the negative consequences of non-compliance.
Free Cybersecurity Microlearning
Our bite-sized cybersecurity training video helps employees know how to stay safe in under 3 minutes!
Best Practices in Data Protection
If you'd like to stay up to date with GDPR best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech, and RegTech news, subscribe to Skillcast Compliance Bulletin.
Top 10 Frequently Asked Questions About GDPR
Whistle-stop answers to the who, how, what, where and when of GDPR.
Conducting a GDPR Compliance Audit
An audit of your GDPR procedures and controls will allow you to benchmark your existing activities and remedy any gaps to ensure regulatory compliance.
GDPR for Small Businesses
The GDPR is a big risk for small businesses because the fines for non-compliance can be so large as to cause liquidation.
How will Brexit affect GDPR?
Now that the UK has left the European Union, what will the implications be for the GDPR? Will anything change? We answer your most frequently asked questions.
Data Subject Access Request Fees
Under GDPR, the way to deal with data subject access requests changed. How can you manage them effectively while remaining compliant?
GDPR & Age of Consent
Legal Basis for Data Processing under GDPR
There are six legal bases for processing as set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data.
GDPR Compliance Tips when Sharing Data
Before you transfer personal data to other organisations, especially outside the EEA, you need to stop to think about the GDPR implications.
GDPR & Safeguarding Vulnerable Adults
The category and volume of data that companies hold on vulnerable data subjects may far exceed original expectations, which is why you need to assess its impact.
Why you Need a Data Protection Officer
How to Protect Health Data under GDPR
Health data security is in the spotlight, as public confidence has slumped after high-profile data breaches in the UK and rookie data processing errors.
Data Protection in Times of Disruption
GDPR compliance becomes more challenging than ever during times of disruption. To maintain data protection compliance, you will need to focus and prioritise.
What Factors Affect GDPR Fines?
To help you understand how these factors are applied, we have assessed each area in the context of the now-infamous Facebook data breach.