May is just around the corner. This year the month will take on a whole new meaning for organizations as the new General Data Protection Regulation (GDPR) comes into effect. The big question for now is, are you ready?
The new GDPR aims to strengthen the rights of individuals living within the EU and European Economic Area concerning how their personal data, meaning all information that pertains to them, are used, gathered, and stored.
Data protection is nothing new; however, the breadth and depth of this new regulation are moving into slightly foreign territory, particularly since now organizations fall under its remit regardless of where they are.
How does the new GDPR ensure personal data protection? In straightforward terms, the new ruling makes it harder for organisations to collect an individual’s data. Organisations must now demonstrate how the data is managed and tracked and must document the processes put in place to protect it. The new regulation also gives individuals the right to know whether or not personal data concerning them are being processed, where and for what purpose, and requires the company possessing this information to provide a copy of this data, free of charge, in an electronic format.
The penalty for non-compliance is severe. If a company is found in breach, it can face fines of up to 4% of annual global turnover or €20 million, whichever is greater. The rules apply to both controllers and processors, so ‘clouds’ are not exempt from GDPR enforcement.
We all agree that protecting personal data is important and an increasingly challenging issue as news of breaches has become all too common. However, for organisations, it can pose a massive headache.
Systems everywhere will have to be assessed, new guidelines and measures implemented, and employees trained to understand and execute the changing regulations.
In anticipation of this challenge, SumTotal’s Talent Expansion Suite® 18.1 release offers enhancements that will help your organisation be compliant.
This support includes:
- Consent: Feature/widget that ensures an organisation receives an individual user’s permission to collect personal data.
- Portability of Data: Organisations can easily provide an individual a copy of the personal data that was collected in a common machine-readable format as per the GDPR.
- Right to be Forgotten: Administrators can permanently delete any individual user’s personal data.
- Tracking Capabilities: The existing attestation feature (Terms and Conditions) can be leveraged to support the requirement of tracking employee consent to collect data.
There are only a few weeks left before the new GDPR kicks in. Just how much it will impact or disrupt business and organisations remains to be seen, but we want to make it easier for customers to be in compliance. These latest enhancements ensure there is a mechanism within SumTotal to support the regulation now and in the future, and we can help guarantee data protection for individuals going forward.
To learn more about GDPR, read about 9 Key Changes and What It Means for You.