So why is staff training so critical for your data protection?
Blog posted by: Moyn Uddin - Chief Privacy Officer, Cyber Counsel, 05 October 2018.
The much-feared GDPR compliance date has come and gone. You have located the personal data your organization processes and ensured you have a lawful basis for processing it. You have published your privacy notices etc. Hopefully, as part of your readiness projects and programmes, you have also provided your staff with at least some basic GDPR awareness training. Indeed, the UK Information Commissioner’s Office’s (ICO) guide “Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now” lists raising awareness within the organization about GDPR as the very first step. But what does effective training for all your staff look like?
It is increasingly accepted that to be more resilient to cyber-attacks you need to deliver awareness training to all employees, as well as ensure your wider partner, adviser and supplier network is trained in handling your data. Everyone has a critical role to play in protecting your valuable and sensitive information. With the advent of the GDPR it has become essential to ensure your staff are fully aware of the differences, risks and the consequences of not protecting personal data.
This is where carefully selected and effective training that is appropriate for the target audience is vital. All too often organizations provide ‘tick-box’ online training which has little or no impact on behaviour change – we’ve all experienced it! With so much now depending on protecting personal data you need to consider a different approach to ensure GDPR training compliance. It needs to be relevant, short, targeted, and most importantly memorable and engaging. Start with asking: ‘So what do our staff really need to know about GDPR?’ and ‘How can we deliver this learning in ways that engage and interest our people?’ The objective must be to develop, change and sustain behaviours designed to ensure effective data protection and resilience.
Short bitesize, scenario-based training that makes GDPR personal is key. Putting the learner in the shoes of the ‘data subject’ and asking ‘What would you do if that was your personal data?’ really can make a difference. Or use real life examples of events and interactions such as accessing government services, online shopping, social media data sharing and stories behind real life security incidents and data breaches to make privacy and security matters real for the learner.
Combining this with innovative formats and techniques and with regular, short, simple refreshers and reminders (perhaps after a near miss or actual incident) will reinforce the learning and help sustain new behaviours.
In addition, the learning material, presentation methods and the content need to be modular, adaptable and part of a continuous learning model. Changes in personal and organizational behaviour should be monitored and good behaviours rewarded as much as repeated poor behaviours punished.
As Elizabeth Denham, the UK’s Information Commissioner, has said, your staff really are your best defence and your greatest potential weakness. Your frontline staff are your most important data protection asset – please engage them to help them help you.