Why do companies need to comply with General Data Protection Regulation (“GDPR”) in 2022?
Nowadays, most businesses have already realized how important it is to track and follow updates in the field of data protection to avoid fines from EU supervisory authorities. The question is: how to build privacy as a culture in your company?
We believe it is almost impossible to achieve this goal without proper education of the company’s personnel. Article 39 GDPR states that one of the tasks of the DPO is to raise awareness and train staff involved in processing operations.
What are the main vectors of the GDPR-related training?
- Team members usually deal with some amount of your customers’/users’ personal data as processors (rarely as controllers). They will be prepared for data breaches, data subject requests and overall data security rules.
- The employer in most cases collects some personal data from its employees. Team members will know about their rights as data subjects in order to prevent any violations (or unreasonable expectations: for example, the company won’t be able to delete all data on an ex-employee because of labour law, and the former employee should know and understand why their request for deletion is refused).
What does GDPR training consist of?
Actually, it depends on the company and its processing activities. However, a basic model of GDPR training may be the following:
- General information on the GDPR, namely main subjects, principles, rights of the data subjects, rules on international data transfers, role of the DPO and other issues addressed in the GDPR.
- Specialized information, which is separately prepared based on the company’s particular processing activities. As different members may have different roles in the data processing, there could be separate training sessions for different departments in order to describe their roles to them in detail.
- Case study, Q&A session and test to reveal the actual level of employees’ awareness and areas for improvement.
What special and individually prepared information should your team get?
- This stage may include preparation of data maps which make clear how the personal data “run” inside and outside the company and even the country. As your team understands the data flow, they will be much more confident in processing personal data.
- Moreover, every team member will get acquainted with his/her role, rights and responsibilities regarding their processing of personal data.
- More than that, team members will be completely ready to face data breaches, having enough competence to avoid or minimize their consequences and to report them to the necessary authorities and internal specialists in time.
- Last but not least, data subject requests! As GDPR provides a wide range of rights for the data subjects, they may and WILL exercise their rights, presumably in the form of a data subject request. Thus, it is important for every team member to know WHAT a data subject request is, HOW they can identify it, to WHOM it shall be transferred and in WHAT WAY it may be answered in accordance with GDPR requirements, which establish time limits for response and oblige data controllers to provide information in a particular form.
After the training, which may be held online with the opportunity for team members to ask questions and then recorded so that everyone may watch it again later at a convenient time, team members shall pass the test to check how well they have understood the information provided. The test is an important part of the GDPR training, as it directly shows how ready your team is to face data protection challenges. Additionally, the test highlights the most problematic questions, which may be discussed once again, and serves as decent proof for supervisory authorities that the company aims to comply with GDPR provisions and tries its best to make its business GDPR-compliant.
We can help you!
All in all, Legal IT Group offers GDPR training services as a DPO for your team in order to prepare your team for any possible challenges they may face while working with personal data.