An Employer’s Guide to GDPR Part Four
Keeping HR Simple have teamed up with Data Protection Specialist Simon Hinks. Simon works closely with businesses and charities on data protection, compliance and data auditing and helping them to understand their GDPR/DPA gaps. His hot topics include GDPR compliance and data audits, Communication audits and Customer journey audits.
We asked Simon to talk to us about the big picture of GDPR and what that means from a HR point of view, in particular this time on the need for training.
The ICO sees training as an important element of working towards compliance and accountability. There are many training modules which provide a certificate of completion. In reality, training has to become more hands on and be an integral part of everyone’s role within any business.
It’s imperative that all departments within a business who deal in data, whether staff or customer data, receive regular training. This is to ensure all security and compliance principles are being adhered to. There are some useful videos to be found on the ICO You Tube site, in particular https://youtu.be/ksEMs8s8En0 is useful as it covers both data and data security within a business, also . https://youtu.be/7w9MQzwN4bQ is worth taking the time out to watch.
The ICO recognises that people are a weak link in the security of data. To remind people of their responsibilities and dangers, the ICO has made freely available a number of posters which can be downloaded from their website https://ico.org.uk/for-organisations/resources-and-support/posters-stickers-and-e-learning/ and displayed around your company.
In practical terms..
In practical terms, we really recommend as part of your GDPR training that you look to promote a clear desk policy. This is to ensure any personal/customer data is stored securely out of normal office hours. Also remember not leave data sheets on the photocopier and use the secure destruction function (shredding for example) for destroying personal data. These are elements all staff must work towards and it’s where training and workshops can help to remind people of the implications of not treating data with care.
More information coming soon but in the meantime if you have any questions, don’t hesitate to contact us!