The EU’s Data Protection Regulation comes into effect on 25th May 2018. For the ones fond of acronyms, the abbreviated name of the regulation, GDPR, is already in fluent use, but for many organizations, the term is still abstract and foreign. And thus, more often than not, the approaching deadline hasn’t caused exhaustive action. And there’s no reason to panic just yet, while there is still months of leeway.
This long-awaited regulation has quite understandably caused a fair bit of confusion and concern, as it is the case in many companies that the concrete measures required by the GDPR are unclear and obscure. Naturally, there are official publications and declarations by the authorities for those inclined and trained in such matters to suffer through, but for the ordinary individuals, the value such documents provide is close to none.
In many organizations, lots sleep has been lost over some of the obligation imposed by the GDPR. To meet the requirements of the regulation, it is not only sufficient that the proper and appropriate measures are taken, the measures must also be demonstrated to have been taken, and they must be sufficiently documented. Another principle of the GDPR, which is quite welcome as a general idea, is the fact that General Data Protection Regulation is in fact based on risks. This promotes allocating safeguards to the areas where they are detrimental. This, of course, is the fundamental principle of all risk management and a very welcome addition to the processing of personal data. However, this introduces some difficulties with how the risks should be interpreted.
Fortunately, there are already simple and easy-to-use solutions available for these challenges brought on by the GDPR. For both, the reducing of risks associated with the processing of personal information, and for the mandatory obligation of GDPR to prove compliance with the regulation, the best solution is the training of employees. The fact is that, in the end, most of the breaches of data protection and privacy caused by a human error. The company’s personnel are also an excellent resource for the purposes of developing data protection, systems and practices as long as they are informed of the basics of it and competent enough to identify shortcomings in these areas.
When it comes to the actual deployment of data protection processes, the question is, what is the proper and best way for an organization to get the ball rolling. There are, as there often is, several options offered for this very predicament. The most common solutions are traditional class-based orientations and training sessions, and seminars held in conference centres. And then there are e-learning solutions, training and courses, that can be taken anywhere at any time. Even though factors like the size and specific needs of the organization in question have value in the decision-making process, the most influential resources in the modern business environment are time and money. This is why we at Granite always recommend agile e-learning solutions for organizations of all sizes. A tried and recommended principle is to provide efficient online training for everyone even remotely associated with personal information and date, and focus more efforts on more cumbersome operations such as classroom training and practical exercises for specialists.
We consider e-learning as the best possible solution to GDPR-related issues, mainly because no matter the size or industry of the organization, the obligations of the EU’s Data Protection Regulation remain the same for everyone, and prompt same issues in every organization: How will the GDPR affect our business? Or, how can we effortlessly comply with demonstration obligation?
Agile online training solves GDPR concerns easily and effortlessly, but it’s best to recognise that not e-learning endeavours are on an equal footing. When training is intended for the whole staff, it is vital that the actual substance of the course is designed to be approachable, coherent and centred around issues and instances the trainees can actually have an impact on in their positions. It’s also important that that training covers subjects that are truly prominent in their everyday routines. This is why we at Granite strongly advocate subjects concerning the fundamentals of data protection, to effortlessly implement data protection processes to everyday actions of the organization. We adamantly advise against making assumptions about the prevalent data protection competence. Judging from experience, we are far too familiar with the allure of thinking that data protection principles are already familiar to everyone. Focusing on the following themes might reveal unexpected intelligence of the organization’s current standards: What is data protection? What personal information can be collected and on what grounds? How is personal data processed? What rights do you have?
When the cost of training is kept on a manageable level, benefits of the operation can be maximized by training all staff at once. In this way, the development of data protection and information security aware corporate culture is not only the burden of specialists or persons handling personal data, but the whole organization can be involved in its development.
Try our Data Protection Online Training for free!
EU’s General Data Protection Regulation (GDPR) obligates organizations to prioritize data protection training of their employees. You can try our Data Protection Online training free of charge by signing up for the free trial with your email. No credit card needed.