The General Data Protection Regulation is coming into force on May 25th 2018. Making sure staff are appropriately trained is essential.
In the era of GDPR, ensuring data is subject to appropriate privacy protection is a fundamental requirement. GDPR also applies something called privacy as practice: privacy considerations need to run deep.
All this means that staff need to be on-side, fully trained and aware of GDPR and its importance.
The UK regulator, the ICO, provides various tools to support training, including posters, training videos and webinars.
Of course, it is not necessary for every member of staff to have detailed knowledge in the fashion of a compliance officer, but a good starting point is to ensure staff are aware of key GDPR-related issues.
But while there needs to be a broad understanding of GDPR, bear in mind that each company has different requirements. Ensure staff are aware of specific GDPR issues relating to the company.
Examples might relate to the use of passwords (ensuring passwords used at work are different from those used on private social media networks, for example) or to policy regarding the destruction of data when it is no longer used.
Ensure training is face-to-face. GDPR compliance is important, and regulators expect you to demonstrate you understand this. That means at least some face-to-face training, allowing interaction between the trainer and trainee, must take place.
It is important that staff feel both qualified and empowered to flag data breaches or possible issues. So systems need to be in place to encourage staff to advise those charged with compliance responsibility of potential issues, and training needs to make the process for reporting such issues clear.
Don’t delay. GDPR entails complexity. The May 25th deadline is not a guideline or a target to try to meet. The date is set in stone and you must be GDPR compliant by that date. This means there is no time to lose.