Using assessments to ensure GDPR compliance
The GDPR is the most important change in data privacy law in 20 years, with immediate effect by May 2018. The new regulations are intended to strengthen and unify privacy and data protection, and any organisation that stores or manages data about people who live or work in Europe will need to comply.
GDPR’s objectives and effects are threefold…
- The GDPR increases the rights for individuals
- It strengthens the obligations for companies
- Sanctions for non-compliance are significantly higher
With eye-watering regulatory fines of up to €20 million or 4% of global annual turnover (whichever is greater), a credible compliance strategy is essential.
A crucial part of the GDPR compliance framework is staff awareness and education. Article 39.1 says that organisations must conduct awareness-raising and training of staff who process personal data, and this is extended to include “monitoring training” for some organisations in Article 47.2.
Article 32.1 of the GDPR requires that organisations put risk-based security measures in place and instructs organisations to regularly test, assess and evaluate the effectiveness of these measures. The most efficient and defensible way to check that employees understood their training is through a test. Tests and surveys can also be used to monitor the effectiveness of training programs and improve them for the future.
Article 83.2d of the GDPR explains that how well you implement the measures in Article 32 (i.e. including those above) will affect how big these fines might be. How are you going to show a regulator that you took all the steps you could to minimise the risk? If you don’t train and assess your people, it’s hard to argue that you took the proper steps to be compliant and that you are actively evaluating the effectiveness of your training.
Join Questionmark for a webinar on July 26, 2017 to learn more about the basics of GDPR and how assessments can help mitigate the risks of data breaches and fines.
Assessments play an essential role in a defensible compliance strategy.
Questionmark's assessment management system enables you to:
- Develop valid training programs and assessments that align with the competencies of specific job roles and locations
- Test employees in multiple locations, including those on the move
- Improve and document employee knowledge of standard operating procedures
- Accurately record and ensure knowledge of the legal and regulatory requirements
- Deliver course evaluations to improve the effectiveness of your training programs
Best-in-class organisations are increasingly implementing centralised assessment management systems to manage the entire testing process. Questionmark enables you to:
- Author your test questions in a simple, intuitive interface with a system that keeps an audit of your question development
- Schedule your assessment and deliver it by a variety of methods, from mobiles to live online proctored examinations, printed paper-based tests and more
- Give management a unified view of employee performance as well as test performance through comprehensive reports
- Develop and deliver job task analysis surveys to employees, reporting on the criticality, frequency and difficulty of their tasks. JTA surveys provide you with valuable data for audits, developing training programs and writing competency assessments.
Let us show you why organisations worldwide count on Questionmark.
Data processors and controllers are jointly responsible for the security of shared data, so it’s important that you partner with organisations that are not only prepared for the new regulations but also count security as a top priority. Questionmark has achieved the prestigious ISO 27001 certification for "Information Security Management" by a third-party accredited team of auditors. ISO 27001 ensures Questionmark has applied a framework to business processes to help identify, manage and reduce risks to information security. The internationally recognised certification guarantees that process, technical and people controls are in place and audited to protect the confidentiality, integrity and availability of data on an ongoing basis.
Questionmark's security team are putting measures in place to ensure full compliance with the GDPR by May 2018 and will be supporting our customers to be compliant.
If you’d like further information about Questionmark’s data security processes and policies, then get in touch with us today by emailing email@example.com.