Training your staff regarding General Data Protection Regulations (GDPR)

West HR GDPR Advice


If your company collects, uses or stores people’s personal data, then this is important. The new GDPR rules came into force on May 25th, evolving from the Data Protection Act 1998. Under GDPR, employees who handle or process personal data should receive adequate training about their responsibilities regarding data protection. Good practice dictates that new staff members should receive initial training as part of their introduction to the business, whilst all other employees should receive refresher training on a regular basis, or after a significant change to the legal requirements.

Is IT secure?

Personal information must be processed in a manner which ensures its security, including protection against accidental loss or damage. IT security training is therefore an essential part of GDPR compliance. The actual elements of your company’s IT security training will differ depending on the type of data which is stored and the level of access that a user has, but basic security training should cover items such as maintaining strong passwords, deleting spam email messages without opening them, and an awareness of possible prosecution if data is deliberately distributed without the data owner’s permission.

Reinforce the message

Appropriate organisational and technical measures to secure personal data must be planned and in place. Key messages regarding GDPR should be communicated to all staff who have, or might have, access to personal data. Training messages should be repeated regularly to help them stick and to reinforce any official training. Ways to achieve this internally include team meetings, notice-board posts, the company intranet or memos sent by instant messenger. Every reminder helps to get the message across and keeps data security front of mind.

Or What?

If personal data is not handled, processed, transferred and stored securely (including arrangements for the data to be ‘forgotten’ on request), then your company could face prosecution and fines. A case which recently made headlines involved Morrisons supermarkets and the deliberate release, by a disgruntled employee, of the personal data of approximately 100,000 employees. The case highlights the overarching responsibility of employers to ensure the security of personal data. It also demonstrates the potential for vicarious liability, where a company can be held responsible for the malicious actions of an employee.

The bottom line: GDPR training is essential

For further advice on how you can ensure GDPR compliance, or for more details on how GDPR affects your company, feel free to contact us.
