The General Data Protection Regulation (GDPR) is almost upon us. Coming into force May 25th 2018, it will affect businesses and organisations all across Europe – including those in education.

Scary as it sounds, the regulation is a positive thing, designed to protect European citizens’ data rights, fight spam, and protect our sensitive information from cyber criminals.

There are some pretty hefty fines if your business fails to comply with the law, so if you haven’t already, it’s definitely time to get up-to-speed and make sure that you are ready for the big shift.

But don’t panic if you’re not quite there yet. There are some steps you can take right now to get your business or organisation ready for the new regs.

1. Enlist the help of your team

The new regs are just around the corner, but for a lot of people, GDPR is still just a vague acronym. It’s important to share the implications of the changes by organising a mandatory briefing session on the topic with your team, explaining exactly what it is and what it means for your place of work. If you’re not sure what it’s all about yourself, read our article What is GDPR and what does it mean for ELT?.

Data is shared from the bottom to the top of your organisation and across every department, so it’s clear that you can’t do this alone. You will need to have everyone on board and working with you to become GDPR compliant.

For this reason, it might be a good idea to bring in a qualified expert to conduct this session for you, as there could be some tough questions from your team.

2. Nominate a Data Protection Officer

Article 39 of the GDPR requires that you nominate or employ a Data Protection Officer (DPO), a member of your team who has a duty to understand the law and who carries a number of key responsibilities.

For example, your organisation’s DPO must:

You can read more about the roles and responsibilities of DPOs on DPO Network.

3. Map out your data

Next, you need to get a handle on what personal data you hold, where it is, and how it is stored and shared across systems. That might be easier said than done and, if you don’t yet have a DPO in place, you might need an outside consultant to help you do this.

You have to consider:

4. Get ready for data requests

Once you know where your data is, how it is stored and why, you’ll be in a position to fulfil data requests from your users – an important obligation under the law. The full list of data subject rights is outlined in our previous post about the regs.

You should now work with your DPO and team to develop a process to ensure that you are in a position to do this. Bear in mind that you will need to be able to complete most requests within 30 days.

5. Make sure you are being transparent

Transparency is one of the major tenets of GDPR. It’s imperative that your clients (or students) know how you collect, store and process their data.

This also means you’ll need to audit your current privacy terms and statements and make sure they are easy to understand and comply with the GDPR before May 25th.

Your privacy statements must:

See more about this on the Information Commissioner’s Office website.

While GDPR feels like a big responsibility right now (and it is!), it’s the perfect opportunity to improve your customer service, cybersecurity and user transparency. Once it’s up and running, the new regs will help protect citizens and make everyone’s online experience safer, fairer and more rewarding.

If you want to find out more about GDPR, your responsibilities, and other key information, head over to GDPREU for some helpful free resources.
