Here’s a surprise for you. GDPR training is not mandatory. However, failure to show that all of your employees have been given relevant training on GDPR will without doubt demonstrate GDPR non-compliance and all that is associated with it.
What is relevant training?
Such relevant data privacy training extends even to those whose duties do not involve access to personal data. Why? Because they need to act appropriately if they unintentionally come across any personal data. Failure to do this can lead to personal data breaches (PDB) which could be prevented.
Training is the first line of defence to mitigate risks to personal data. Remember that GDPR is all about reducing the risk to personal data in order to protect the organisation. It’s important to realise that both the individual (the appointed Data Protection Officer) and the organisation can be fined.
How not to be fined
An organisation’s inability to demonstrate data protection training for all employees will be regarded as an aggravating factor in the context of an investigation by the supervisory authority – the ICO. This will result in higher sanctions and fines being imposed.
Compliant GDPR training requires the following: the correct content, a test of the learning to identify those in need of further training and an attendance record. Crucially, the purpose of the training is to foster an internal culture of data protection by default.
Under the GDPR, the data protection training obligation extends to maintaining knowledge of all other relevant laws, directives and regulations, and places a higher duty on the organisation to ensure this is carried out than under the previous data protection directive or the Data Protection Act 1998.
Yes, a higher burden of proof
Employee training under the GDPR places a higher burden on the organisation to provide a training timetable that covers all departments of the business. Remember, this is training for everyone in the business from the top down to the newest member of staff.
Learning outcomes from such training should include a clear understanding of all duties and responsibilities among data-processing staff, as well as the confidence to seek clarification or support from their supervisors where necessary.
In some departments of the organisation, training is yearly, quarterly or biannual. So yes, everyone needs some training.
We can make GDPR make sense, so please call us for a chat on 0333 444 614 or email email@example.com