How to train your staff on GDPR

With one month to go until GDPR becomes enforceable (and remember those hefty fines for non-compliance), your organisation is probably nearly ready, but are your staff?

Research suggests that 80% of data security incidents involve staff, so GDPR is more than just a box-ticking exercise: successful compliance could depend on your staff being trained effectively on their data protection responsibilities.

Training can often be bottom of the list, but when the penalties for non-compliance are so severe, it’s essential that you take the necessary steps to ensure all your staff are aware of their responsibilities.

What staff need to know about GDPR

The first step is of course to identify what your staff need to know.

Readiness for GDPR will involve some significant internal changes, so the delivery of training updates to your staff should be planned using the following business functions:

1. HR – an opportunity to provide an overview of updates to the staff handbook and internal data protection policies.

2. IT – this is a good opportunity to refresh staff on the best-practice use of internal IT systems, appropriate use of email, passwords, social media, homeworking and the non-disclosure of personal data over the telephone etc.

3. Data Protection Officer – they can direct staff to your organisation’s intranet or wherever the GDPR policies and processes are stored, and tell staff how to handle a subject access request, how to report a data breach, and how to get support from the DPO when they need it.

These training updates could be delivered face-to-face, but this would be a time-consuming and costly use of resources, with lots of people sat in a room wishing they were getting on with doing their real job (probably including the presenter). Or they could be delivered via an email to staff, which is all too common and a genuinely terrible idea: it is impersonal, likely to be ignored, and makes it impossible to track who has been properly notified (and really, who needs more emails?).

Added to this, your staff will need generic annual GDPR training, and those responsible for handling personal data will also require more in-depth annual training, all of which needs to be logged and tracked.

How to deliver GDPR training (and avoid headaches or hefty fines)

The most efficient way to manage this is via customisable digital learning. To ease the administrative overheads, enable self-paced learning for what is an info-heavy topic, and easily deploy and track ongoing induction and refresher training, it’s a no-brainer to use digital learning solutions.

Not all GDPR eLearning modules are created equal and there are plenty of them out there. Some allow you to customise them yourself, so you could add in your staff handbook, or a video of the HR Director talking about the GDPR responsibilities of your organisation, or a picture of your DPO and how to contact them, or a scenario bringing your internal IT policies to life. Some digital content suppliers also provide a learning platform to track staff completion and test results.

Here are a couple of digital learning suppliers offering customisable GDPR modules. They also offer the Totara Learn platform to track the learning.

  • Learning Pool - offers 5 GDPR e-learning modules, built and customisable using their Adapt Builder authoring tool.

  • Engage in Learning - offers CPD-accredited GDPR modules: a 20-minute module for all staff and a more in-depth 40-minute module for those staff responsible for handling sensitive data.

Learn Fox can make your digital learning projects easy by providing project management and digital & blended learning consultancy to help you ensure you’ve got your GDPR training covered.
