It can’t have escaped anyone’s notice that GDPR will be coming into force this week on 25 May. From extensive internal discussions about how to ensure that customer data is handled correctly, to the increasing numbers of emails from companies asking us if we would like to continue to hear from them, the run-up to the implementation of the EU’s sweeping new data protection laws will have a significant impact on many organisations and many more workers.
It is essential to be prepared for the changes to the law around handling personal data that GDPR will bring. All the more so, as the EU is recommending that the regulation be immediately enforced by data protection watchdogs in Member States.
The problem is that, for many workers, it’s not that clear what needs to be done. Getting ready for the General Data Protection Regulation can seem like a daunting mountain to climb. Customer data or mailing lists might have built up over years or decades. Business processes might be developed that don’t take account of the specific responsibilities that the new rules place on data controllers. Even terms like, ‘data controller’ and ‘data processor’ can seem abstract and opaque.
The fact is that for many organisations, particularly smaller ones, there is little in the way of in-house expertise on data protection, little extra time to work through the complexities of the area, and likely, few resources to address either of these points.
But that doesn’t make data protection any less important. We’ve seen the controversy over how organisations like Facebook handle personal data, and the outrage after data breaches that have exposed highly sensitive personal information. Any organisation that uses personal data needs to be able to follow the rules and process that data safely.
To a large degree, it is a question of skills, which is why ECDL Foundation has developed a new module on Data Protection, which is being rolled out now. The module covers essential skill areas including, the principles of data protection, an overview of the GDPR, the rights of data subjects, how to implement data protection in an organisation, and how compliance with data protection is dealt with. It is specifically designed to meet the needs of people working in small and large organisations, who have to deal with personal data as part of their job, helping organisations in their efforts to become compliant and to be assured that their workers have the right skills.
When we started to develop the module, we brought subject matter experts on data protection together to define the core skills and knowledge needed by people who handle personal data. The experts, from Ireland, Poland, and Italy, contributed their perspectives on data protection in small and medium sized organisations to ensure that key competences were defined. Building on this expertise, the syllabus and tests ensure that workers can be certified to a strong standard to support the handling of personal data by organisations, as well as to help workers understand their own rights concerning personal data.
Frank Mockler, ECDL Foundation’s Head of Programme Standards, said, “With the increasing amount of personal data that is being handled by all kinds of organisations, it is essential for them to have workers who understand the principles and practice of correctly handling personal data. The ICDL Data Protection module certifies these skills and gives organisations reassurance that their staff are ready to manage personal data responsibly.”
So as the clock ticks down to the implementation of GDPR, it’s time to take a step back and ask if you are ready.
You can find out more about the Data Protection module at ecdl.org/dataprotection.