The General Data Protection Regulation (GDPR) controls how organisations and the government use personal information. It is a law passed by member states of the European Union (EU) in 2018 and applies to all organisations that collect information on EU citizens, even those which are not based in the EU.
Organisations that process the data of EU citizens must do so according to 7 protection and accountability principles outlined in the GDPR:
Lawfulness, fairness, and transparency — Processing must be lawful, fair, and transparent to the data subject.
Purpose limitation —Data must only be used for legitimate purposes. Subject must be explicitly informed when data is collected.
Data minimization — Only data that is necessary for the purposes specified should be collected.
Accuracy — Personal data must be accurate and up to date.
Storage limitation — Data must only be stored for as long as necessary.
Integrity and confidentiality — Processing must be done with appropriate security, integrity, and privacy.
Accountability — The data controller is responsible for demonstrating GDPR compliance with all these principles.
The Data Protection Act of 2018 is the UK’s implementation of GDPR. Under the Data Protection Act, those responsible for collecting, using, and personal data must follow strict ‘data protection principles.’ These rules ensure sensitive information is used fairly, lawfully, for clearly stated purposes, only when necessary and then deleted when its’ usefulness is at an end.
The Data Protection Act also prohibits organisations from disclosing certain information to 3rd parties such as ethnic background, political opinions, religious beliefs, biometrics, and others.
Individuals have been given greater recourse to compensation for the abuse of their data. Organizations must ensure that individuals’ sensitive information is not used in automated decision-making processes without consent or profiling.
The Data Protection Act of 2018 applies only to organisations in the UK.
If your organisation collects data that can be used to identify an individual, you must ensure it is adequately protected. For example, addresses, financial information, payment details, contact information, and many other categories of personal data in the UK are protected by law.
Data protection is not just a legal necessity but crucial to protecting and maintaining your business’ reputation.
Data protection prevents sensitive information from being misused by malicious parties for fraud, scams, and identity theft.
Common protected data that your organisation might handle include:
Protecting this information, in accordance with the Data Protection Act and GDPR, requires businesses to adhere to specific principles.
Our self-study GDPR courses teach these principles and more. Your staff must be trained in GDPR compliance to avoid incurring heavy fines and penalties.
Self-study GDPR online courses are made with the help of GDPR experts and data security professionals.
Short online courses are a great way to train large numbers of staff without interrupting their everyday workload.
Online training can also be integrated into an organisation’s learning management system (LMS) for tracking progress of staff learning.
