GDPR, the questions each department should be asking themselves now.
Part of the preparation for the General Data Protection Regulation (GDPR) includes identifying who is responsible for what. As expected with a new regulation, there are many open questions and points of uncertainty. In this article, based on the GDPR coalition content, we briefly explain which departments are most affected by the GDPR. We also advise on what each department should be asking itself right now.
Human Resources
HR departments will have lots of work to do soon. Starting with employment contracts – what personal data and sensitive personal data do you collect? Have you documented why you need to capture the information? Do you obtain consent and explain how it will be processed? Are your policies, forms and awareness training updated with the new personal data categories?
Legal Department
Do you know how you will deal with a request for provision of personal data? Is your process documented? Is any of it automated? Do you know the new response timescale? Do you publish your data retention policies?
Marketing
When you capture consent (e.g. tick boxes) for use of personal data, do you clearly explain why you need it and how it will be processed? If not, you should be working on it right now. Did you know the consent needs to be explicit and the individual giving consent needs to be fully informed?
Finance
GDPR has a wide-ranging effect on many business departments, including Finance. GDPR also applies to online identifiers (e.g. SEPA) and ID numbers (e.g. employee IDs). Have you reviewed your processes to ensure these are managed securely? Have you reviewed the potential GDPR penalties and have you taken account of these in any risk planning?
IT
It is important for the IT department to know which systems hold personal data, including the new special categories of personal data. Can you find that data in the event of a request from a data subject, and can you delete it? Is it stored securely, whether that’s in your office or in the cloud? Can you identify a security breach (e.g. a hack) and assess its impact on personal data? Have you established a process for notifying that breach within 72 hours?
Procurement
You are responsible for all the data involved in your company, even data held by your sub-contractors. Where you are the data controller and a sub-contractor is processing data on your behalf, have you ensured that the processor has provided sufficient guarantees, in terms of expert knowledge, reliability and resources, to implement technical and organisational measures which will meet the requirements of the GDPR?

Be Prepared
In 7 months the GDPR will be implemented! Now is the time to invest in training for your staff and help guarantee compliance. At New Horizons Ireland, we provide GDPR courses to prepare you and your company for this moment.
GDPR Certifications
Certified Information Privacy Professional
The “what” of privacy, and why you need it.
- Legal
- Compliance
- Information Management
- Data Governance
- Human Resources
Duration: 2 days
Includes:
- Exam
- IAPP membership
- Official training
Certified Information Privacy Manager
The “how” of privacy operations, and why you need it.
- Risk Management
- Privacy Operations
- Accountability
- Audit
- Privacy Analytics
Duration: 2 days
Includes:
- Exam
- IAPP membership
- Official training
Certified Information Privacy Technologist
The “how” of privacy and technology, and why you need it.
- Information Technology
- Information Security
- Software Engineering
- Privacy by Design
Duration: 2 days
Includes:
- Exam
- IAPP membership
- Official training
Other Popular GDPR courses
The GDPR Primer for Data Protection Officers
2 Days
- The social, historical and legal background leading to the General Data Protection Regulation (GDPR)
- Principle one: the criteria governing fair, open and transparent processing of personal data
- The role of the data protection officer (DPO)
- The remedies, liabilities and penalties available under the GDPR
- Provisions for specific processing situations
- Preparing for implementation of the GDPR
Watch our webinar
GDPR, IAPP Training and Certification: What you haven’t heard, and why you need to hear it before May 25th 2018
Available: Now
PRESENTER: Paul Jordan, Managing Director, Europe - IAPP
Most know that GDPR takes effect on May 25th 2018, which requires organizations to prepare technology, processes and people for compliance. Because of this EU regulation, there has been a recent surge of training solutions in the marketplace. Unfortunately, many claim that their training will make your organization GDPR compliant, which is not possible. To help decipher how best to prepare your organization for GDPR compliance, we have enlisted the help of the world’s largest data privacy certification and membership organization, the International Association of Privacy Professionals (IAPP). Paul Jordan, Managing Director – Europe IAPP, will provide clarity on why privacy and security sit on opposite sides of the front door to an organization, and how GDPR will impact organizations, people, technology and processes all over the world. Mr. Jordan will also explain how IAPP’s ISO certified training, certifications and membership set themselves apart from other solutions. Do not miss this exceptional opportunity to hear the latest from Mr. Jordan and to ask questions about how best to prepare your organization for GDPR and longer term data privacy needs.