The training of your staff on their data protection responsibilities is one of the most important parts of any data protection compliance project or data governance structure in an organisation.
Having policies and procedures in place is no use if your staff are not aware of them or their meaning. Receiving a data subject access request or suffering a data breach when your staff do not know how to recognise them will put you at serious risk of being in breach of the law.
Your staff are always your front line of defence when it comes to compliance with the requirements of data protection law. The Accountability Principle in the General Data Protection Regulation (GDPR) says that the tasks of the Data Protection Officer include making employees aware of the law and training staff.
Read on to find out more about data protection training.
What is data protection awareness?
Data protection awareness is what it says it is: training your staff to know about the information (data) you handle in your organisation and how to keep it safe. As a responsible business owner, you would conduct fire drills, have a fire marshal in each department to make sure your staff get out of the building safely and, every first Monday of the month, make sure the fire alarm works.
This is to protect your staff and customers who are in the building your business works in. It is also part of the Health and Safety regulation that you have to do this.
It is part of the data protection legislation to make your staff aware of their responsibilities and aware of the law. This forms part of the Accountability principle.
A data protection course can be either face to face or you can provide your staff with an online course to complete. Both have their advantages and disadvantages.
Staff can complete online courses at their own pace, and the courses will provide you with a full record of training to demonstrate your accountability. If they contain a knowledge check or exam, you have a record of your staff’s understanding of the topic. Your staff are also left with access to training materials, as they have access to the data protection course for the year.
Face to Face courses remove people from their ‘day job’ for long periods of time and will never get the message across to everyone in the room. You have a record of attendance, but unless you have an exam and insist on a pass rate, you do not have a proper record of understanding.
The worst thing you can do is send out policies and expect people to read and understand them. This approach never works and will leave you as a data controller vulnerable and at risk.
Do I need GDPR training?
Everyone needs training. Guidance, regulation, understanding of regulation and best practice move quickly in the world of data governance, and one should keep up with them.
That is not to say that every time something changes, you should re-train your staff. The people responsible for your data governance (data protection officer, champions, leads etc.) should be regularly updated and should self-update on the change as part of their own continuing professional development.
How do you train your staff on the GDPR?
At Propelfwd we offer awareness training in two ways, face to face or online. All of our courses are CPD Certified and updated on a regular basis. We create bespoke online courses for organisations, which are branded and include relevant data processing examples. Sometimes we interview employees, ask their opinion on data processing and include the interviews as part of the course.
Our face to face training runs from Foundation to Practitioner to Data Protection Officer. These courses are run twice a year in Jersey and once a year in Dublin, Ireland.
Data Protection Awareness training is an annual commitment by a data controller. An initial data protection course should be provided to explain the principles, rights and roles of data protection. It should also explain what a subject access request is and what it could look like, and what a data incident or breach is and how to report them to a manager.
Thereafter, every twelve months a refresher training course should be provided to give a reminder of the Principles, Rights and responsibilities.
Awareness training is all about giving your staff the confidence to know they can report a mistake and 100% know they will not get into trouble for making it. It is hiding the mistake that causes the problems.
Data Protection Awareness training should form part of the onboarding process for new starters within an organisation. On the successful completion of the courses, your staff receive a CPD certificate for their training records and CPD hours for their continued professional development.
How long will data protection training take?
This varies. The initial online course provided by Propelfwd to a member of staff should take about 60 minutes to complete in a single sitting. An online annual refresher is 20-25 minutes. The face to face Foundation course is a one-day course, so 8 hours. The Practitioner course is two days and the DPO course is four days.
Why is it important for all staff to have GDPR training?
If your staff do not know about data protection, how can you give assurance to your customers that you are correctly looking after their data? If one of your customers asks one of your staff for a subject access request, and your member of staff does not know what they are talking about and so does not tell anybody, then in 30 days’ time you will be in breach of the law and risk having a complaint made against you.
The Information Commissioner can then audit your total compliance. If you have not trained your staff, what else have you not bothered to do?
Your staff are your front line and your defence against personal data breaches and breaches of the data protection laws. If they know what your customers are asking for, not only will you be protected, but your customers will know their information is in safe hands, because you take data protection seriously.
What is GDPR 39?
Article 39 GDPR outlines the tasks of the Data Protection Officer, part of which is data protection awareness-raising and training of staff involved in processing operations, and the related audits. This places the responsibility for training staff on data protection awareness at the doorstep of the DPO.
Why choose PropelFwd?
The Propelfwd team have built up vast experience dealing with data protection in a multitude of jurisdictions, so can say they are data protection experts. They understand the data processors’ needs and the data subjects’ needs, and tailor the training material for the training courses to explain the data protection regulation, data protection act, new legislation, information security, non-compliance and data privacy in a simple, understandable and relevant way.
As a training provider, Propelfwd aim their courses at staff who handle personal information as part of their day-to-day job or come into contact with customers. The benefits of training staff and providing certification and skills will protect the company and clients, improve the services offered and show your staff for the professionals they are.
Propelfwd’s training methods to provide awareness of the UK GDPR and the EU GDPR will help towards a cultural shift of best practices and staff who comply and are interested in protecting data.
Contact Propelfwd and explain your training needs. They will build your course around your requirements, deliver it to your staff and monitor their progress. Once complete, your staff will be sent a CPD certificate of achievement.