
Get your staff up to speed with GDPR

You might be heaving a sigh of relief that the steady stream of GDPR emails has come to a close, but if your business handles personal data there's a lot more GDPR still to come. Here are the aspects of GDPR that your staff have to get up to speed with, and the ways that you should talk about it.

Make sure everyone actually knows what it is

Ok, there's a lot of stuff going around about GDPR, and it's unlikely that your staff won't know anything about it - but there's also a lot of misinformation out there, or outdated information from when the GDPR was first announced. It's a complex subject, so start with defining it to get everyone on the same page.

What constitutes personal data?

This is essentially anything that pertains to a person - as little as an email address with your name in it. If you can use the information to trace it back to a person, it's considered personal data. This is massively wide-ranging, so if you have that information in your possession, you have to adhere to GDPR. Make sure your staff know which data they're handling that comes under this description.

Talk about the terms they'll come across

Your employees might not be familiar with some of the terms pertaining to GDPR, for example 'controllers' and 'processors'. A controller determines the process and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller. Sub-processors do the processing on behalf of another company - like someone sorting your business's payroll. These terms are going to come up again and again. Make sure your team know them inside out.

Prepare for the GDPR principles

The principles of GDPR refer to the specifics of the information you can hold. So it must be lawful, limited, accurate and up-to-date, kept for no longer than is necessary, and secure.

A lot of your employees might not come across this kind of thing often, but familiarising them with these regulations and provisions is important for your business. It will go some way to preventing employee missteps and mistakes when they're handling customer and client data. Ensure that everyone understands the principles, and which apply to your company.

Rights for individuals

There are 8 rights for individuals within the GDPR. Discuss the ways that these rights relate to your business; it might be helpful to provide examples of when your clients and customers can exercise these rights, and when they cannot. 

It's also worth mentioning the amount of time you have to respond to some of these requests - which is a month. Additionally, these rights are not absolute - under some circumstances they can be refused. Make sure your staff know the chain of response when a customer or client submits a GDPR request, and who to refer these requests to. This will prevent these requests being lost internally, and ensure you continue to adhere to GDPR.

Think about the weirder ways it could apply to your employees

A good example of this is old emails. If your employees are hanging onto emails, or filing them away in a folder, they could be inadvertently retaining personally identifiable information. If this is retained for a certain length of time you could be in breach of GDPR. Consider any and all ways that your employees might be hanging onto others' information; it will make your GDPR compliance watertight.

Have a chat about hacks

Any organisation, no matter how small, can be hacked. Under the GDPR, you must report a personal data breach to the relevant supervisory authority within 72 hours of discovering it, or else pay hefty fines. If you don't do this, or your security is found to be lacking, you'll be billed enough to put most SMEs out of business.

As per the GDPR, you should also now have a listed Data Protection Officer. Make sure your staff know who this is, and how to get in contact with them if they need to - just in case any internal or external problems occur. 

Don't panic

This could be a huge change in the way that you're operating, and it's only natural to feel a little uncertain about it. If you need to chat to someone, give CyberShelter a ring - they'll be able to give you up-to-date advice on everything GDPR.


