This is it! The last post of our GDPR series, and the good news is that this step should be relatively easy to do, although it does involve a lot of tracking and communication. I’m talking about privacy training for your employees. There is no point in fulfilling all the steps of GDPR compliance only for one of your employees to mishandle your customers’ personal data by mistake or fall victim to a cyber attack resulting in a data breach. That’s why it is important that your staff understands the requirements and changes the Regulation brings, as it will certainly affect their work and your organization as a whole going forward.
As we’ve talked about data protection by design and by default, we need to create a privacy-first culture in the organization. That’s why, as part of helping the organization become GDPR compliant, the Data Protection Officer has to raise awareness and provide training to staff involved in data processing operations. For example: knowing the correct procedures to verify the identity of a customer who calls in, recognizing a phishing attack, not altering specific information, following security and password policies, etc. With the rising number of data security breaches, you definitely want your employees to know exactly how to protect personal data if you don’t want your company’s reputation to suffer.
The Regulation doesn’t specify what this training entails, so it is up to the Data Protection Officer’s discretion to choose the appropriate training.
We’ve got a couple of tips for you (you can find some more here: IT Governance):
At Platform.sh, our teams followed this excellent GDPR training by Troy Hunt, but you can find other options, such as the GDPR training and staff awareness course by IT Governance and Get GDPR ready by IAPP.
Hey, this GDPR series is a great start too! We tried to explain in the simplest language possible what the GDPR is all about, the logic behind it, and what you can do to be sure you are compliant. So make it required reading for all your staff :) !
As I’ve already said in my previous posts, just because the GDPR came into effect on May 25, the journey isn’t over. It will just take a new road with all its challenges. And with everything this road brings along, it is essential that it be paved with knowledge, training and awareness.