GDPR Training

GDPR Insights for Both USA and EU businesses

What is the General Data Protection Regulation (GDPR)?

The European Union has established a privacy regulation that will fill a current void as the new global standard for privacy regulation.  The GDPR (Global Data Privacy Regulation) clarifies how data is viewed and secured. The Global Data Privacy Regulation is a set of standards outlining minimal data privacy requirements that all organizations that solicit or collect data on individuals in the European Union must comply with.

A Few Important Things to Note:

 

The GDPR goes into force May 25, 2018.

If a company does business with the EU, GDPR affects them.

If a company collects any personal data on an EU citizen, including email addresses, GDPR affects them.

GDPR fines can be up to $24 million or 4% of worldwide revenue.

Basis for Data Collection

Understand what personal data your company is storing and why. Does the company need to collect and store all the data that it has? Is there a legitimate and legal reason for the data collection? Many organizations collect data on clients that is not actively used or needed. Know what data you have and why.

Security Breach Plan

Does your organization have a 72-hour response plan in place for an incident or breach? The data your organization stores will determine who needs to be notified and how. This requires that a working 72-hour incident breach plan be in place.

Data Portability and Management

Can your organization fully erase a person's data from its entire system? If a customer decides they no longer want a company to have their information or data, can that company give the data back to the client in a readable format? How does the organization disclose indirect data collection?

How Can Stronger Help?

Some companies think that because they comply with other privacy laws, they’re covered with the GDPR. That’s wrong. They may not need to take any additional technical measures, but they need the GDPR-specific compliance documentation.

 

It’s like thinking that because you received a flu shot, you won’t get the measles. Different disease, different immunization. Same here. Different law, different documentation.

 

Stronger has two offerings that can help your organization with the most crucial areas of the GDPR – Training and Documentation.

Training

We’ve got two levels of GDPR training programs that combine assessments, training, and reinforcement, arranged in turn-key, year-round plans. 

 

Whether you’re trying to deliver GDPR training once a year and be done, or you’re committed to a year-round program of education, we’ve got the content, tools, and services to help you achieve and stay in compliance.

 

Option 1:  GDPR Fundamentals

This is a single, 30-minute course including 2 short animations and 4 topic-based reinforcement posters in an off-the-shelf solution. This option can be deployed in a matter of hours, organization-wide.

 

Option 2:  GDPR Advanced

This option allows for six role-based courses along with a role-selector so each person on your team gets the training that best fits their job requirement. The package includes 6 short animations and 6 topic-based reinforcement posters and can be customized to your organization’s look and feel. This option can be deployed within several days.

 

Both options have the added ability to be deployed in other languages and can be combined with our Security, Compliance, or Privacy Libraries.

Documentation

The GDPR requires that companies generate specific compliance documents. There are several vendors that help companies with the technical side of compliance. But we don’t know of any other vendor that automates the complete set of legal documents.

 

This means that a company has two options: hire a lawyer to generate the documents or use GDPR IQ. Here are the three main advantages to using GDPR IQ over an attorney:

 

1.  Cost

In most cases, the software is 1/10 to 1/20 the cost of an attorney to generate the same documents. For a university, the cost savings can be even more extreme.

 

2.  Time

In most cases, the software takes 1/20 to 1/30 of the time an attorney needs to generate the same documents. For a university, the time savings can be even more extreme.

 

3.  Expertise

We engaged the best GDPR law firm in Europe to verify that our documents would be compliant with the GDPR. Documents from a lawyer won’t have been checked by a GDPR law firm in the EU.

Stronger is offering a low-cost, high-quality GDPR Documentation Solution. On-demand forms written and verified by US and EU GDPR law firms.

There are 28 Countries in the European Union

 

The population of the EU is about 512 million people. That is more than the combined population of the United States, Canada and Mexico.

Austria

Belgium

Bulgaria

Croatia

Republic of Cyprus

Czech Republic

Denmark

Estonia

Finland

France

Germany

Greece

Hungary

Ireland

Italy

Latvia

Lithuania

Luxembourg

Malta

Netherlands

Poland

Portugal

Romania

Slovakia

Slovenia

Spain

Sweden

United Kingdom

GDPR Compliance Checklist:

1. Audit and update your data handling policies

2. Confirm you’re capable of notifying data subjects of a breach within 72 hours

3. Hire a Designated Privacy Officer (DPO), if needed

4. Familiarize yourself with how the GDPR defines controllers and processors

5. Get a mechanism in place for gathering data subjects’ consent

6. Make sure all members of your organization are familiar with how the GDPR changes data subjects’ rights

7. Deploy privacy awareness training to all employees

8. Make sure all members of your organization know the consequences of GDPR non-compliance

9. Check that all third-party vendors who can access the data you collect are GDPR compliant

10. Get an enforceable code of conduct in place
