So why is staff training so critical for your data protection?
Blog posted by: Moyn Uddin - Chief Privacy Officer, Cyber Counsel, 05 October 2018.
The much feared GDPR compliance date has come and gone. You have located the personal data your organization processes and ensured you have a lawful basis for processing it. You have published your privacy notices etc. Hopefully, as part of your readiness projects and programmes you have also provided your staff with at least some basic GPDR awareness training. Indeed, the UK Information Commissioner’s Office’s (ICO) guide “Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now“ lists raising awareness within the organization about GDPR as the very first step. But what does effective training for all your staff look like?
It is increasingly accepted that to be more resilient to cyber-attacks you need to deliver awareness training to all employees, as well as ensure your wider partner, adviser and supplier network is trained in handling your data. Everyone has a critical role to play in protecting your valuable and sensitive information. With the advent of the GDPR it has become essential to ensure your staff are fully aware of the differences, risks and the consequences of not protecting personal data.
This is where carefully selected and effective training that is appropriate for the target audience is vital. All too often organizations provide ‘tick-box’ online training which has little or no impact on behaviour change – we’ve all experienced it! With so much now depending on protecting personal data you need to consider a different approach to ensure GDPR training compliance. It needs be to relevant, short, targeted, and most importantly memorable and engaging. Start with asking: ‘So what do our staff really need to know about GDPR?’ and ‘How can we deliver this learning in ways that engage and interest our people?’ The objective must be to develop, change and sustain behaviours designed to ensure effective data protection and resilience.
Short bitesize, scenario-based training that makes GDPR personal is key. Putting the learner in the shoes of the ‘data subject’ and asking ‘What would you do if that was your personal data?’ really can make a difference. Or use real life examples of events and interactions such as accessing government services, online shopping, social media data sharing and stories behind real life security incidents and data breaches to make privacy and security matters real for the learner.
Combining this with innovative formats and techniques and with regular, short, simple refreshers and reminders (perhaps after a near miss or actual incident) will reinforce the learning and help sustain new behaviours.
In addition, the learning material, presentation methods and the content need to be modular, adaptable and part of a continuous learning model. Changes in personal and organizational behaviour should be monitored and good behaviours rewarded as much as repeated poor behaviours punished.
As Elizabeth Denham, the UK’s Information Commissioner has said, your staff really are your best defence and your greatest potential weakness. Your frontline staff are your most important data protection asset – please engage them to help them help you.
Latest News from
The ITIL update in a world of digital and service transformation: ITIL 4 - The Evolution of ITSM Part 215/02/2019 10:20:00
Blog posted by: Christian F. Nissen – CFN Consult, 14 February 2019.
Gaining the trust to transform: Programme management and MSP14/02/2019 10:20:00
Blog posted by: Martin Stretton – Director, NOVO (programme and change management), 13 February 2019.
Best practice in IT, ITSM and the ITIL update: ITIL 4 - The Evolution of ITSM Part 112/02/2019 13:20:00
Blog posted by: Paul Wilkinson – GamingWorks, 11 February 2019.
Get the ball rolling with PRINCE211/02/2019 10:20:00
Blog posted by: Veronika Kiesswetter, AXELOS PR and Communications Manager, 08 February 2019.
ITIL 4 – The Evolution of ITSM Part 108/02/2019 10:20:00
Blog posted by: Paul Wilkinson – GamingWorks, 07 February 2019.
The future of project and programme management – a snapshot of the market07/02/2019 10:20:00
Blog posted by: Allan Thomson – AXELOS PPM Ambassador, 06 February 2019.
The (Not So Secret) Life of a Project Manager06/02/2019 16:20:00
Blog posted by: Michael Macgregor AXELOS Project Manager, 05 February 2019.
4 steps to a successful project management career30/01/2019 10:20:00
Blog posted by: Ana Bertacchini - project management expert, 29 January 2019.