Train to adapt to the GDPR because the changes are significant, but so are the opportunities, says Jane Cave, MD of the IDM.
The General Data Protection Regulation (GDPR) will change the ways in which all
training businesses deal with data forever when it comes into force on 25 May.
Training will be the answer for most businesses. The upcoming changes are a step-change in complexity from what you might be used to. In addition, the onus shifts from a kind of passive accountability that businesses operate now, to a more active accountability where organisations will have to be able to demonstrate to the Information Commissioner’s Office (ICO), the data protection regulator, that they are in compliance with the GDPR.
This means everyone in the business, from the receptionist to the CEO, needs to adapt to and understand how the GDPR will have an impact on their daily work. The GDPR gives more rights to individuals with regard to their personal information. This clarifies that the personal information belongs to the individual and that the organisation can only use it with the trust and permission of the individual. If an individual loses trust and confidence that an organisation will look after their personal information properly, perhaps because of a data security breach, then that organisation will be in serious difficulty.
Recent research by the DMA suggests that businesses consider the GDPR to be a
mixed blessing: good in parts.
Businesses understand that they need the GDPR, but they also believe it will make their lives more difficult. Two-thirds (65%) of marketers say the GDPR will hinder their marketing.
Actually this view that the GDPR will be a ‘problem’ is rather pessimistic. To begin with, valid data will be of higher quality, and so of more use to business – the GDPR will focus your marketing. Also, because the GDPR focuses attention on your customers, it should allow your business to develop a stronger relationship with them.
Michelle de Souza, Age UK’s Chief Data Officer, poses this question: “What will we do to ensure that individuals are respected, and that we are responsible marketers?” The Information Commissioner Elizabeth Denham told the Institute of Directors in October 2017, “The GDPR gives specific new obligations for organisations, for example around reporting data breaches and transferring data across borders. “But the real change for organisations is understanding the new rights for consumers and citizens. It’s an evolution of the current law and a step change that brings greater accountability, transparency and consumer control,” said de Souza.
How does the GDPR apply?
The GDPR is unusual because of the scope and scale of the regulation. There is no quick fix and no immediate answer to getting GDPR-ready. The right response to almost all businesses will be: “it depends” because every business is different and preparations will necessarily vary from company to company.
When designing courses, you will need to consider how student data might be used, and what the implications of that usage might be. Will it have been collected properly? Will the data move outside the EU? Will it be at risk? Look at where the data moves and keep risk to a minimum. This process is referred to as ‘privacy by design’, building data protection into business plans right from the start. Training will be essential to make sure employees
understand their responsibilities.
How have businesses managed their GDPR plans?
We can infer how businesses prepare for the GDPR by looking at those who have
developed their plans over the past two years.
According to that same DMA research, businesses tend to concentrate on appointing a Data Protection Officer and classifying their data first. In a second phase, businesses move on to looking at the concept of privacy by design, how to give customers more control of their data, auditing third party data and conducting impact assessments.
Training comes in the third phase of preparation, along with exploring processes for data breach management, auditing the state of their existing business and updating the business privacy policy. But these are the companies with longrunning and systematic plans. If you are starting to think about the GDPR now then you need get up-to-speed as soon as you can.
The IDM has seen a surge in demand for courses to help businesses understand what the GDPR means to them now. The IDM has developed two courses, both accredited by the DMA, designed to get you GDPR-ready: The Award in GDPR gives a comprehensive overview of the law and what marketers need to consider. The Professional Certificate in GDPR goes into more depth, with detailed information on the specifics of the law and how it applies to different businesses.
Interested in learning more?
Get your free copy of the UK Training Report: Industry Trends 2018
What's included:
- Inbound marketing tips easiest for training providers to integrate into their strategy.
- A media cost survey of some of the most popular marketing and press outlets for training providers.
- A GDPR guide for UK training providers.
- Apprenticeship levy potential including as-of-yet unreleased statistics gained through the Freedom of Information Act
- Our annual training provider survey revealing marketing budgets, market outlook for 2018, projected income from apprenticeships and more!
Jane Cave, MD at the IDM
Jane Cave, Managing Director of the Institute
of Direct and Digital Marketing (IDM), has
extensive commercial and Not-For-Profit
marketing experience on both agency and
client-side sectors.
Cave has board-level experience in business
strategy review and development and has
a reputation for her meticulous evaluation
skills in market research, highlighting
new marketing opportunities and defining
accountable objectives.
Under Jane’s leadership, the IDM is
dedicated to delivering inspirational
learning experiences designed to raise
professional standards and competencies
across the marketing industry in the UK and
internationally.
