Training & Awareness

GDPR training

According to the UK Information Commissioner’s Office (ICO) data security incident trends, about 80% of data breaches result from human error, so it is fundamental to any data protection policy that your staff is appropriately trained.

Once your employees understand the risks, they’re more likely to act with greater care and get behind the policies and procedures put in place to comply with the regulation.

Under GDPR, all businesses are liable for hefty fines in the event of a serious personal data breach, and not training staff could expose companies to significant financial and reputational costs.

GDPR training includes understanding how to obtain valid consent; what can and can’t be done with personal data once it is collected; how long to keep that data; what to do in the event of a personal data breach; and how to respond to information requests from individuals based in the UK.

Who needs to be trained?

Basic training in the GDPR principles is necessary for everyone in the organisation, but bespoke training needs to be provided to specific roles dealing with large volumes or special categories of personal data processed by the organisation.

It is the responsibility of the organisation to train its staff to understand the effects of data protection legislation, especially if violations of corporate privacy policies and procedures could result in disciplinary issues or worse.

General employee training should include:

  • an explanation of the regulation that applies to your organisation and why it is required
  • a description of the key principles of GDPR and how they apply to the activities of your organisation
  • information on the main points of your organisation’s data protection policy and where it can be found
  • information on where to get answers to questions
  • what is meant by personal data and how your company uses it
  • identifying red flags and breaches, and what to do when they are discovered

Specific roles

Employees with roles in marketing, sales, customer service, legal, HR, database management and computer security will require enhanced levels of training based on the levels of access and types of personal data they need to handle for performing their duties.

For example, call-centre or customer-facing staff need a working knowledge of subject access and data erasure requests, and of the strict time frames within which the organisation is required to respond.

Another example of specialist data protection training applies to the HR team. They will need coaching on how to handle employee data, including candidate subject-access requests.

Keep a record of training

It is important that you maintain training records to demonstrate compliance with the GDPR, should the ICO ask to see them during an investigation.

When to review training

As with any regulation, things change over time, so it is important to review and update data protection training at least once a year.

Why Training from Lionheart Squared?

We have contributed to the development of a wide range of data protection training for organisations ranging from multinational financial institutions to local enterprises, including delivering GDPR updates to The Institute of Data Marketing (TheIDM.com) 2017-2018 GDPR curriculum, as well as training UK staff of a Big-4 firm, financial institutions, and online software companies. In addition to assisting with updating existing materials in your training portfolio, we can also assist in delivering data protection courses via live webinars and gamification learning platforms, and work with your design teams to create compelling animated learning videos.

If you would like to discuss what we can do for you, then give us a call:

0753 414 7975
