Using assessments to ensure GDPR compliance
The GDPR is the most important change in data privacy law in 20 years, with immediate effect by May 2018. The new regulations intend to strengthen and unify privacy and data protection and any organisation that stores or manages data about people who live or work in Europe will need to comply.
GDPR’s objectives and effects are threefold:
- Expands the rights for individuals
- Strengthens the obligations for companies
- Increases sanctions for non-compliance
With eye-watering regulatory fines of up to €20 million or 4% of global annual turnover (whichever is greater) a credible compliance strategy is essential.
A crucial part of the GDPR compliance framework is staff awareness and education. Some key points that learning, compliance and testing professionals should be aware of include:
- Article 39.1 says that organisations must conduct awareness-raising and training of staff who process personal data and this is extended to include “monitoring training” for some organisations in Article 47.2.
- Article 32.1 of the GDPR requires that organisations put risk-based security measures in place and instructs organisations to regularly test, assess and evaluate the effectiveness of these measures. The most efficient and defensible way to check employees understood their training is through a test. Tests and surveys can also be used to monitor the effectiveness training programs and improve them for the future.
- Article 83.2d of the GDPR explains that how well you implement the measures in article 32 (i.e. including those above) will impact how big these fines might be. How are you going to show to a regulator that you took all the steps you could to minimise the risk? If you don’t train and assess your people, it’s hard to argue that you took the proper steps to be compliant and that you are actively evaluating the effectiveness of your training.
Want to learn more? Check out this webinar recording!
Assessments play an essential role in a defensible compliance strategy. Questionmark's assessment management system enables you to:
- Develop valid training programs and assessments that align with the competencies of specific job roles and locations
- Test employees in multiple locations, including those on the move
- Improve and document employee knowledge of standard operating procedures
- Accurately record and ensure knowledge of the legal and regulatory requirements
- Deliver course evaluations to improve the effectiveness of your training programs
Best-in-class organisations are increasingly implementing centralised assessment management systems to manage the entire testing process. Questionmark enables you to:
- Author your test questions in a simple, intuitive interface with a system that keeps an audit of your question development
- Schedule your assessment and deliver it in a variety of methods -- from mobiles, to live online proctored examinations, printed paper-based tests and more.
- Comprehensive reports provide management with a unified view of employee performance as well as test performance.
- Develop and deliver job task analysis surveys to employees, reporting on the criticality, frequency and difficulty of their tasks. JTA surveys provide you with valuable data for audits, developing training programs and writing competency assessments.
Let us show you why organisations worldwide count on Questionmark.
Data processors and controllers are jointly responsible for the security of shared data so it’s important that you partner with organisations who are not only prepared for the new regulations but that count security as a top priority. Questionmark has achieved the prestigious ISO 27001 certification for "Information Security Management" by a third-party accredited team of auditors. ISO 27001 ensures Questionmark has applied a framework to business processes to help identify, manage and reduce risks to information security. The internationally recognised certification guarantees that process, technical and people controls are in place and audited to protect the confidentiality, integrity and availability of data on an ongoing basis.
Questionmark is compliant with the GDPR by May 2018 and will be supporting our customers to be compliant. For more information, please click here.
If you’d like further information about Questionmark’s data security processes and policies, then get in touch with us today by emailing firstname.lastname@example.org.