General Data Protection Regulation
On 25 May 2018, the General Data Protection Regulation (GDPR) came into effect.
What is the GDPR?
It is the most important change in data privacy regulation in 20 years, developed to harmonise laws across the EU and protect all EU citizens from privacy and data breaches.
The GDPR also aims to reshape the way organisations approach data privacy and to strengthen and increase the rights of individuals, giving them more say over which organisations have access to their data, how their data is used and how they are contacted.
How will this change affect training providers?
Organisations which collect data must comply with six core data protection principles outlined in the GDPR, covering areas including how personal data is stored, who can access it and for what purpose the information is used.
SDS has a responsibility to ensure that personal information collected for our business is compliant with these principles and obligations under the GDPR.
All training providers who provide services on behalf of SDS must collect data in ways which are compliant with the GDPR. This will involve making sure that participants are made fully aware of what information we are collecting, why we are collecting it and what their rights are (covered by a privacy notice).
SDS also has an obligation to ensure any data collected about individuals is kept secure and disposed of appropriately, in line with a defined retention schedule, meaning it shouldn’t be kept any longer than necessary.
What are the consequences of not complying with the GDPR?
All UK organisations must comply with the GDPR, regardless of Brexit, with any organisation found to be in breach of the regulation facing fines of up to €20 million.
The responsibility under the GDPR is shared by those collecting (training providers) and handling (SDS) data. However, SDS has a responsibility as a data controller to check compliance.
Want to know more about the GDPR?
Access the links below for more information on the GDPR, the six core data protection principles and further information on the rights of individuals.
- Information Commissioner’s Office (ICO) guide to the GDPR
- More information on the six principles of the GDPR
- More information on the rights of individuals under the GDPR
If you have any questions you can also contact your SDS contract manager.