• International Workplace
  • 31 May 2017

GDPR: need-to-know data protection

The advent of the General Data Protection Regulation (GDPR) in May 2018 sees the biggest change to data protection legislation for 20 years. International Workplace Managing Director David Sharp reports on a recent seminar on the subject

I had the pleasure recently of chairing a seminar run by the BIFM People Management Special Interest Group, focusing on the hot topic of data protection at work.

We have become increasingly accustomed to media coverage of major data security breaches and their impact on the businesses and people affected by them. But with the advent of new European legislation – the so-called General Data Protection Regulation, or GDPR – whatever role you play in your organisation, you’re going to need to know about it and prepare for it.

Most of the people I’ve spoken with are already up to speed on the key points of the new legislation, the biggest change to data protection law and practice for 20 years. They knew the potential for increased penalties when getting it wrong in future, which could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the higher.

Where they are sometimes less clear is on the practicalities of the way they manage data, and what the changes they might need to make in order to comply with the new requirements.

The two presenters were Bernard Crouch, Director of Acumen FM; and John Macaulay, a director at Greenwoods Solicitors LLP.  

David Sharp

Some quick takeaways, having talked with a few of the attendees afterwards, were:

  • Think about undertaking an information audit. This is something John Macaulay and his team at Greenwoods do as a matter of practice, and I’m sure he’d be happy to hear from you if you wanted to follow up with him
  • Think about whether you need to appoint a Data Protection Officer. I made the point that GDPR reminded me of health and safety regulations some 25 years ago: the discipline (and role) of health and safety was in its infancy then, whereas now it is ubiquitous within business and professional practitioners have chartered status. I can see the growing discipline of data protection / information management / cyber security all headed this way.

We’ve been asked by our clients if we intend to provide training on data protection and the GDPR, and I can confirm that this is something we are planning to do, most likely in classroom and eLearning formats. What will be interesting is understanding what different audiences want, as there seems to be a need at three levels, if not more:

  • specialist data protection officers (not a market for us);
  • managers in organisations responsible for setting policy and putting in place arrangements to comply with the GDPR; and
  • all workers, who require an awareness level of managing data as part of their day-to-day duties.

If you’d like to find our more about our plans, or let me know your thoughts, please do get in touch via Live chat below or call me on +44 (0)333 210 1995.