On 25 May 2018 data protection rules underwent their biggest change in over twenty years when the GDPR (General Data Protection Regulation, Regulation (EU) 2016/679) came into force. It is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
In recent years the amount of digital information that we create, capture and store about customers has increased greatly, and the GDPR was created to address that.
"If you use Microsoft Excel, Word or any similar software and store customer data on your computer, you are not GDPR compliant. The best way to secure your data once collected is by storing it in the cloud."
The GDPR states that less serious infringements can result in fines of up to €10 million or 2 per cent of a firm's global annual turnover (whichever is greater).
The GDPR, agreed by all EU member states, changes how businesses and public sector organisations may collect, process and store customer information.
One of the biggest, and most talked about elements of the GDPR is the power for regulators to fine businesses that don't comply with GDPR.
If an organisation doesn't process an individual's data in the correct way, it can be fined. If it is required to have a data protection officer and doesn't, it can be fined. If there's a security breach, it can be fined.
What this means for training organisations in the UK (which is still part of the EU) is that all customer data captured and/or processed by you must be handled in line with the GDPR.
Training organisations that store customer information in Microsoft Excel spreadsheets should look to implement a secure training management system that supports GDPR compliance.
In practice this means that you must take steps, and be able to demonstrate, that your customer data is held responsibly and securely.
Genius Training Management System is designed as a secure environment, and all data entered into Genius is encrypted.
This means that the customer data you enter into Genius is stored in a way that supports your GDPR obligations. Note that the GDPR applies to how your organisation processes data, not only to where it is stored, so secure storage is one part of compliance rather than the whole of it.
Genius supports GDPR compliance in the following areas:
Genius makes it simple to comply with GDPR.
Below we have listed some of the most frequent questions relating to the GDPR.
If you are a training provider, yes it does. In fact the GDPR applies to individuals, organisations and companies that are either 'controllers' or 'processors' of personal data.
"If you are currently subject to the DPA (Data Protection Act), it is likely that you will also be subject to the GDPR," the ICO says on its website.
Both personal data and sensitive personal data (called 'special category data' in the GDPR) are covered.
Personal data, a broad category, means any information that can be used to identify a person: a name, address, IP address, email address, telephone number and so on.
Special category data includes genetic and biometric data, health data, information about religious or political views, sexual orientation, and more.
These definitions are largely the same as those within current data protection laws and can relate to information that is collected through automated processes.
Where the GDPR differs from current data protection laws is that pseudonymised personal data can fall under the law, if it is possible that a person could be identified from the pseudonym.
You can find the full text of the GDPR here; its 99 articles set out the rights of individuals and the obligations placed on organisations covered by the regulation.
These include giving your customers easier access to the data you hold about them, a new fines regime and a clear responsibility on organisations to obtain valid consent from customers where consent is the lawful basis relied upon for collecting their information.
Your organisation will be more accountable for the handling of your customers' personal information.
This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed.
In the last 12 months there have been a score of massive data breaches, including millions of Yahoo, LinkedIn and MySpace account details. Under the GDPR, the "destruction, loss, alteration, unauthorised disclosure of, or access to" people's data has to be reported to the country's data protection regulator (in the case of the UK, the ICO), unless the breach is unlikely to result in a risk to the rights and freedoms of the people it is about.
Such risks can include, but are not limited to, financial loss, loss of confidentiality, damage to reputation and more.
The ICO must be informed within 72 hours of the organisation becoming aware of the breach. Where the breach is likely to result in a high risk to the people affected, they must also be told without undue delay.
The GDPR does not set an employee-count threshold for appointing a Data Protection Officer (DPO); the 250-employee figure that is often quoted relates to the record-keeping obligations in Article 30, not to the DPO.
A DPO is mandatory for public authorities, for organisations whose core activities involve "regular and systematic monitoring" of individuals on a large scale, and for those that process special category data on a large scale.
For many organisations covered by the GDPR this may mean hiring a new member of staff, although larger businesses and public authorities may already have people in this role.
In this role the DPO reports to the highest level of management, monitors compliance with the GDPR and is a point of contact for employees, customers and the regulator.
In the GDPR there is a requirement for businesses to obtain consent to process data in some situations.
When an organisation relies on consent as the lawful basis for using a person's information, it has to clearly explain what the person is consenting to, and there has to be a "positive opt-in".
For example, when a customer places an order via your website, a mailing-list checkbox must not be ticked by default: the customer must "take positive action" by ticking the box themselves to join your mailing list.
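The following is an added example of how the positive opt-in rule above can be enforced server-side and demonstrated afterwards; it is illustrative code written for this page, not part of Genius. The field name `marketing_opt_in`, the value `yes`, the consent wording and the sample form submissions are assumptions. It treats an absent or default checkbox value as no consent, stores a hash of the exact wording the customer saw so consent can later be evidenced, records withdrawal without erasing the original record, and includes a template check that flags a pre-ticked box before it reaches customers.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Exact wording shown beside the checkbox (assumed wording for this example).
CONSENT_STATEMENT = "Yes, email me news about upcoming training courses."
FIELD_NAME = "marketing_opt_in"   # assumed form field name
OPT_IN_VALUE = "yes"              # value attribute the template sets on the box


@dataclass
class ConsentRecord:
    email: str
    purpose: str
    given_at: str            # ISO 8601 timestamp, UTC
    statement_sha256: str    # hash of the wording the person actually saw
    withdrawn_at: Optional[str] = None


def statement_hash(text: str) -> str:
    """Hash the consent wording so a record proves what was agreed even
    after the wording on the form changes."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def record_consent(form: dict, purpose: str = "marketing_email",
                   now: Optional[datetime] = None) -> Optional[ConsentRecord]:
    """Return a ConsentRecord only when the customer ticked the box.

    A browser omits an unticked checkbox from the submission entirely, so a
    missing field means no consent. Only the exact value the template sets
    counts; anything else (including "on", which browsers send for a box
    with no value attribute) is treated as no consent rather than guessed at.
    """
    if form.get(FIELD_NAME) != OPT_IN_VALUE:
        return None
    email = form.get("email", "").strip()
    if not email:
        return None
    timestamp = (now or datetime.now(timezone.utc)).isoformat()
    return ConsentRecord(email=email, purpose=purpose, given_at=timestamp,
                         statement_sha256=statement_hash(CONSENT_STATEMENT))


def withdraw_consent(record: ConsentRecord,
                     now: Optional[datetime] = None) -> ConsentRecord:
    """Stamp the withdrawal instead of deleting the record, so you can still
    show what was agreed and when it ended."""
    record.withdrawn_at = (now or datetime.now(timezone.utc)).isoformat()
    return record


def consent_is_active(record: Optional[ConsentRecord]) -> bool:
    return record is not None and record.withdrawn_at is None


_INPUT_TAG = re.compile(r"<input\b[^>]*>", re.IGNORECASE)
_NAME_ATTR = re.compile(r'\bname\s*=\s*["\']?' + re.escape(FIELD_NAME) + r'["\']?', re.IGNORECASE)
_CHECKED_ATTR = re.compile(r"\schecked\b", re.IGNORECASE)


def opt_in_box_is_pre_ticked(html: str) -> bool:
    """Template check: True if the opt-in checkbox carries a `checked`
    attribute. Run it over order-form templates in CI so a pre-ticked box
    never ships."""
    return any(_NAME_ATTR.search(tag) and _CHECKED_ATTR.search(tag)
               for tag in _INPUT_TAG.findall(html))


if __name__ == "__main__":
    # Constructed sample submissions, as a browser would send them.
    ticked = {"email": "learner@example.com", FIELD_NAME: OPT_IN_VALUE}
    unticked = {"email": "learner@example.com"}   # unticked box is omitted
    record = record_consent(ticked)
    print("ticked   ->", record)
    print("unticked ->", record_consent(unticked))
    print("pre-ticked template? ",
          opt_in_box_is_pre_ticked('<input type="checkbox" name="marketing_opt_in" value="yes" checked>'))
```

The point of refusing the browser default value "on" is that consent should only be recorded when the form was rendered from the template you reviewed; a customer who never saw the checkbox cannot have opted in. In a real system the records would be persisted and the withdrawal exposed through the same channel the customer used to subscribe.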
Everyone has the right to confirmation that an organisation holds information about them, access to that information and other supplementary information, such as the purposes for which it is processed.
When a customer makes such a request, you must provide the information within one month; this can be extended by a further two months where requests are complex or numerous, provided you tell the customer within the first month.
This means that you will have to give your customers more control over their data. As well as this the GDPR bolsters a person's rights around automated processing of data.
The ICO states that individuals "have the right not to be subject to a decision" if it is made automatically and produces a significant effect on them. There are certain exceptions, but generally people must be given an explanation of a decision made about them.
The GDPR also gives individuals the power to have their personal data erased in some circumstances. These include where the data is no longer necessary for the purpose it was collected for, where consent is withdrawn, where there is no overriding legitimate interest in keeping it, and where it was unlawfully processed.
In the UK, monetary penalties are decided by the ICO. The GDPR states that less serious infringements can result in fines of up to €10 million or 2 per cent of a firm's global annual turnover (whichever is greater).
More serious infringements can receive fines of up to €20 million or 4 per cent of an organisation's global annual turnover (whichever is greater).
These are far larger than the £500,000 maximum the ICO could impose under the Data Protection Act 1998 and, according to one analysis, last year's fines would have been 79 times higher under the GDPR.
These fines are very significant and could result in putting many organisations out of business.
The ICO's guide, which is available to download as a PDF here, includes steps such as making senior business leaders aware of the regulation, determining the kind of data that is held, updating procedures around subject access requests, and what should happen in the event of a data breach.
As well as this guidance, the ICO says it is creating a phone service to help small businesses prepare for GDPR. The service will provide answers about how small companies can implement GDPR procedures and starts at the beginning of November 2017.
The Genius Training Management System stores customer data securely and is built to support the secure-storage requirements of the GDPR. This means that the customer data you store within Genius is held in a way that supports your compliance; it does not on its own make your organisation compliant.
Genius goes a long way towards making your training organisation GDPR compliant but there are still some procedures that you must put in place to fully comply. Please be aware, it is YOUR responsibility to make sure that your organisation is GDPR compliant.
Disclaimer: The information within this website should not be used as a GDPR compliance guide, furthermore Genius accepts no responsibility for anyone using the information within this website as a complete and comprehensive guide to GDPR Compliance.
You should do your own research and download the official ICO guidance on GDPR compliance.
Start your 14 Day Free trial of Genius today!
No need to enter payment details, no set-up fees, and you get free UK-based telephone and email support throughout your trial.
Starting your Free trial is easy and takes seconds.
Let's do this!
With Genius we provide unlimited training and customer support, so whether you are unsure how to perform a specific task or need help with your website integration, our team are on hand to help.
We provide support via telephone, email, Skype and screen sharing. *
Office Hrs: 9am - 6pm (GMT) Monday - Friday.
(UK): 0330 113 7783
(International): + 44 (0) 330 113 7783
Genius is in the cloud, your data is always available on demand, on all devices.
Repetitive tasks are automated, streamlining your processes and raising efficiency.
View instant, real-time KPIs, revenue, expenses, profit and loss.
Your clients/learners can track & manage their qualifications with the Client Platform.
Subcontract/Freelance trainers have Free access to manage diary & registers.
Training & support by telephone, email and screen sharing included.
Quick website integration: accept bookings from your website, increasing revenue.
Accept secure card payments with Stripe fully integrated into Genius.
Designed from scratch with GDPR compliance built in.