GDPR Training - Customizable Learning Allows Whole Organizations to Comply
Yesterday marked six months since the General Data Protection Regulation (GDPR) came into force. While it is EU legislation, GDPR has a global reach; how can customized training help US companies comply?
LONDON, Nov. 26, 2018 /PRNewswire-PRWeb/ -- Yesterday marked six months since the General Data Protection Regulation (GDPR) came into force. The European law has seen several American-based websites block EU visitors, computer software giant Microsoft face the prospect of huge fines and consumers become increasingly wary of how their data is being used. Many businesses have yet to enroll their staff in GDPR training, one of the key steps to becoming compliant.
In May 2018, as businesses across the globe scrambled to meet the May 25 GDPR deadline, almost 35,000 users completed VinciWorks' modular GDPR training. Today, VinciWorks, a leader in compliance training, still records around 5,000 completions a month. While many of the completions come from new employees being enrolled in training from their first day, the majority of completions represent the high number of employees who are behind in their data protection training.
It is important that all staff understand their requirements under GDPR. Without having a clear grasp of how to process and store data while complying with the law, staff run the risk of breaching GDPR and compromising individuals' data.
VinciWorks' course builder is embedded in the course GDPR: Privacy at Work. Following a short questionnaire, the builder creates a course for each individual based on their preference, role within the company, the jurisdictions they operate in and more. For example, training for a Data Protection Officer will include a module specific to that role while someone who markets to or does business with American citizens will get a module on the EU-US Privacy Shield. Those who regularly process large amounts of data, such as marketing professionals and HR, will typically take a longer course, meaning staff won't be spending time on training that isn't relevant to them.
Many clients add internal GDPR-related policies, such as privacy notices and data protection policies, to their training. This provides users with a clear understanding of the company's procedures and some best practice guidance. Further, courses can be customized to include internal procedures and relevant contact people, such as a Data Protection Officer, in case of a data breach or any data protection questions. GDPR training and GDPR compliance should go hand-in-hand and being able to add any internal information to the course allows users to access any information they need directly from the course.
Further, employers can easily create content for their own module, including information and questions on the company's procedures and policies. For example, such a module could feature questions such as "Who should you contact in case of a data breach?" and "What do I do if I accidentally send an email to the wrong person?". The module could also contain guidance related to a particular industry or role, further ensuring staff are only taking training related to their responsibilities.
Even for companies whose staff have completed GDPR training, if they completed the training ahead of the May 25 deadline, up to a year could have passed since they completed the training. Staff should review their knowledge of the requirements under GDPR regularly. While we recommend staff take refresher training every six months, our research shows that taking the same course regularly is less effective. Staff prefer refresher training to be shorter and different. VinciWorks' five-minute GDPR knowledge checks present ten questions, with feedback given after each answer. Job-specific knowledge checks, such as those for marketing or HR staff, allow users to take refresher training most specific to their role. Further, a knowledge check can also easily be created by any company to provide the most relevant questions.
While EU businesses must now comply with GDPR, the majority of American-based organizations are unaware of the preparation it takes to be compliant with the new privacy laws that are slowly becoming the norm. For example, California has adopted a law similar to GDPR called the California Consumer Privacy Act, set to take effect on January 1, 2020. While the Act mainly applies to any business that operates in or collects consumers' personal information from the State of California, it is expected that other states will follow suit. Additionally, building a culture of protecting individuals' data is of paramount importance. GDPR has given all businesses, not just those based in Europe, an opportunity to be pioneers in data protection.
About VinciWorks:
Founded in 2004, VinciWorks is a leading provider of online compliance training and risk management software. With over 250,000 users across 70 countries, VinciWorks has established itself as the definitive authority in online compliance. VinciWorks offers interactive and completely customizable GDPR training, with a GDPR course created especially for US-based staff. VinciWorks' pioneering course, GDPR: Privacy at Work, can be tried for free here.
SOURCE VinciWorks