The trouble with data protection laws is that it is difficult to keep up with them, and many companies are not sure whether they need to comply with them. Training your executive team helps the entire organisation navigate these laws. A common misconception is that because your company is located in one country, you’re not subject to the laws of another country – this is simply not true. There are agreements in place between countries, and if you are processing data from, or in, another country, chances are you need to comply. You may not even realise that your business processes and systems make you liable!
Frequently Mentioned Laws
The four most prevalent laws that I see in my consulting are GDPR in Europe, POPIA in South Africa, the Australian Privacy Act, and the CCPA in California. Using GDPR as an example, let’s take a look at whether it applies to your company. If you answer yes to any of the following questions, chances are GDPR applies to you!
- Do you have operations anywhere in the EU?
- Do you hold data of people that reside in the EU (whether they are citizens or not)?
- Do you hold data of people that are travelling within the EU?
- Do you offer goods or services in any EU currency or language (other than English)?
- Do you monitor the behaviour or build a profile of people in the EU?
Pretty broad strokes, right? Many people are caught off guard by some of these questions, not realising that they need to comply with the regulations or face potential penalties.
Educating the Executive Committee
Compliance is not a one-person job. Your whole Exco team needs to be aware of data protection and how it applies. Too often, compliance with data protection is lumped on the IT department, thanks in part to marketing from service providers stating they have silver bullets for your compliance needs, which are almost always a software implementation. As much as these software packages are great, you still need feet on the ground managing compliance company-wide, something that IT is not necessarily versed in.
To get this company-wide buy-in, you need to make sure that your executive team members are all on the same page as far as data protection is concerned. You don’t want your whole team out of the office for a 1-2 day workshop, and we understand that. We offer an affordable 1-hour Executive Education session with your Exco team (at your offices or remotely), unpacking your business and how you may need to comply, while simultaneously educating the entire team present with practical advice and guidance. The discussions are fluid and are aimed at bringing to light any “blind spots” you may have around data protection. Some of the topics that would be covered are:
- What classifies as personal information
- What laws your business needs to be aware of
- What your current maturity level is
- What you do and don’t need consent for
- How to go about starting your compliance effort
This is by no means an exhaustive list of what is covered in a session, given that every business is different. To book your session, complete our quick assessment form at exed.rossgsaunders.com. Once completed, you’ll be contacted to book a session in the coming weeks – whenever it suits you to have your whole team present. The session fee is R1250 and is suitable for up to 10 attendees. Please let us know if you have more Exco members than this so that we can arrange a custom session for you.