Training your staff regarding General Data Protection Regulations (GDPR)

West HR GDPR Advice

 

If your company collects, uses or stores people’s personal data, then this is important. New GDPR laws, which evolved from the Data Protection Act 1998, came into force on May 25th. Under the new GDPR law, employees who handle or process personal data should receive adequate training about their responsibilities regarding data protection. Good practice dictates that new staff members should receive initial training as part of their introduction to the business, whilst all other employees should receive refresher training on a regular basis, or after a significant change to the legal requirements.

Is IT secure?

Personal information must be processed in a manner which ensures its security. This includes protection against accidental loss or damage. IT security training is an essential part of GDPR compliance. The actual elements of your company’s IT security training will differ depending on the type of data which is stored and the level of access that a user has, but basic security training should include items such as the maintenance of strong passwords, the deletion of spam email messages without even opening them, and an awareness of possible prosecution if data is deliberately distributed without the data owner’s permission.

Reinforce the message

Appropriate organisational and technical measures to secure personal data must be planned and in place. Key messages regarding GDPR should be communicated to all staff who have, or might have, access to personal data. Training messages should be repeated regularly to help them stick and to reinforce any official training. Ways to achieve this internally can include team meetings, notice-board posts, the company intranet or memos sent by instant messenger. All reminders will help to get the message across and keep data security front of mind.

Or What?

If personal data is not handled, processed, transferred and stored securely (including arrangements for the data to be ‘forgotten’ on request) then your company could face prosecution and fines. A case which recently made headlines involved Morrisons supermarkets and the deliberate release, by a disgruntled employee, of the personal data of approximately 100,000 employees. The case highlights the overarching responsibility of employers to ensure the security of personal data. It also demonstrates the potential for vicarious liability, where a company can be held responsible for the malevolent actions of an employee.

The bottom line: GDPR training is essential

For further advice on how you can ensure GDPR compliance, or for more details on how GDPR affects your company, feel free to contact us.
