GDPR Compliance Journey - 16 Training

Gydeline
21 May 2018 04:55

Summary

TL;DR: In this informative video, Mike Salim discusses the importance of GDPR training for organizational compliance. He emphasizes the need for initial training upon regulation enforcement, inclusion in induction for new members, and refresher courses during changes in systems or processes. The training should cover understanding GDPR, its impact on the organization, and individuals' roles in data protection. Salim also highlights the use of booklets for reinforcing key concepts and stresses the significance of employee awareness in safeguarding personal data.

Takeaways

  • 📅 Training should start immediately to get everyone up to speed with GDPR requirements.
  • 🆕 Include GDPR training in the induction process for new employees to ensure they understand their responsibilities.
  • 🔄 Conduct refresher training whenever there are changes in systems, locations, or source information to maintain compliance.
  • 📘 Effective training should cover not just the GDPR regulations but also what they mean for the specific organization.
  • 👥 Employees need to know what information is being processed, who the key contacts are, and what their specific roles entail.
  • 🗂 Practical advice should be included, such as daily actions employees can take to protect personal data.
  • 📖 Providing training booklets can help attendees retain the key concepts discussed during sessions.
  • 🔑 Focus on the roles and responsibilities of data controllers and other key personnel within the organization.
  • 🔒 Emphasize the importance of technical measures and practical tips for maintaining data security.
  • 🚫 Remind employees that people are often the biggest risk to data security, highlighting the need for comprehensive training.

Q & A

  • What is the primary purpose of GDPR training in an organization?

    - The primary purpose of GDPR training is to improve awareness within the organization about the regulation, ensuring that employees understand their responsibilities in protecting people's information and complying with GDPR requirements.

  • When should an organization first conduct GDPR training?

    - An organization should first conduct GDPR training as soon as the regulation comes into force to get everyone up to speed on what is required and to ensure they know what to do.

  • Why is it important to include GDPR training as part of an organization's induction activities?

    - Including GDPR training as part of induction activities ensures that anyone new joining the organization is aware of their responsibilities under GDPR from the start, promoting compliance from the outset.

  • What is one of the scenarios when additional GDPR training should be conducted?

    - Additional GDPR training should be conducted if there are changes in systems, locations, or the source of information processed by the organization, to refresh employees' understanding of their responsibilities.

  • What are some key pieces of information that should be included in GDPR training besides explaining the regulation itself?

    - Besides explaining the regulation, GDPR training should also cover understanding what GDPR means to the organization, the types of information being processed, key people within the organization, and the employees' contributions to GDPR efforts.

  • What does the speaker suggest as a useful tool for individuals to remember key concepts from GDPR training?

    - The speaker suggests training booklets as a useful tool for individuals to understand and take away key concepts from the training session.

  • What is the content of the training booklet mentioned in the script?

    - The training booklet includes an overview of personal data, special types of data, data controllers, key people in the organization, rights and measures, technical measures, and practical day-to-day help in protecting personal data.

  • Why is it important to avoid technical terms in the training booklet?

    - Avoiding technical terms in the training booklet makes the content more accessible and understandable to a wider audience, ensuring that the key concepts are grasped without confusion.

  • What is the role of employees in protecting personal data according to the training booklet?

    - The role of employees in protecting personal data includes understanding their contribution to GDPR efforts, using personal devices responsibly, clearing personal data from devices when leaving the organization, and being sensible with personal information.

  • What is the final reminder provided in the training booklet regarding the biggest risk to data?

    - The final reminder in the training booklet is that people are the biggest risk and threat to data, emphasizing the importance of well-trained employees in complying with GDPR and protecting personal information.

  • What will be the topic of the next video in the series according to the script?

    - The next video in the series will be about data breaches.

Outlines

00:00

📚 GDPR Training Importance and Timing

In this paragraph, Mike Salim emphasizes the significance of training in raising awareness about GDPR within an organization. He suggests that training should be conducted immediately as the regulation comes into force to ensure everyone is up to speed. Additionally, training should be part of the induction process for new employees to familiarize them with their GDPR responsibilities. Lastly, any changes in systems, locations, or data processing should trigger refresher training to keep staff informed and compliant.

📘 Key Elements of GDPR Training

This section outlines the essential components of GDPR training. It's not enough to just understand the regulation; individuals must also grasp its implications for their organization, including the types of information processed and the key personnel involved. The training should also clarify employees' contributions to GDPR compliance, such as their daily responsibilities and the actions they should and shouldn't take to safeguard personal data.

📓 Training Materials and Resources

Mike introduces the training materials used in their organization, including a free presentation available on the Gydeline website and training booklets. These booklets serve as a takeaway for attendees, summarizing key concepts and providing a reference for their role in protecting personal data. The booklets are designed to be accessible, avoiding technical jargon, and cover topics such as personal data, special data types, data controllers, rights, measures, and technical safeguards.

🛡️ Practical GDPR Compliance Tips

The final part of the script focuses on practical advice for daily GDPR compliance. It includes reminders for employees to clear personal data from their devices when leaving the organization and to exercise caution when handling personal information. The training also covers the importance of understanding and complying with security processes, thinking before collecting personal data, and the overarching message that employees are the most significant risk to data security. The goal is to have well-trained personnel as the best defense against data breaches.

Keywords

💡GDPR

GDPR stands for General Data Protection Regulation, which is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside these areas. The video emphasizes the importance of training to ensure awareness and compliance with GDPR within organizations. For example, the script mentions that training should be conducted when the regulation comes into force, and it should be part of induction activities for new members.

💡Training

Training in the context of this video refers to educational programs designed to inform and prepare individuals within an organization about their responsibilities under GDPR. It is a key component in improving awareness and ensuring that employees understand the steps they need to take to protect personal information. The script outlines when training should be conducted, such as immediately after GDPR comes into effect, during induction for new employees, and when there are changes in systems or processes.

💡Awareness

Awareness, in this script, pertains to the knowledge and understanding that employees must have regarding GDPR and its implications for their actions and responsibilities. The video suggests that training is a great way to improve awareness, which is crucial for compliance with data protection regulations. For instance, the script states that training helps people know what they have to do and be responsible for protecting people's information.

💡Induction

Induction refers to the process of onboarding new employees into an organization. In the context of the video, it is highlighted that training on GDPR should be included as part of the induction activities to ensure that new joiners are immediately aware of their responsibilities under GDPR. This is exemplified in the script where it is mentioned that anyone new joining the organization should be aware of their responsibilities under GDPR.

💡Data Protection

Data protection involves safeguarding personal data from unauthorized access, use, or disclosure. It is a central theme of the video, which discusses the importance of training to ensure that employees understand how to protect personal data in compliance with GDPR. The script touches on this by emphasizing the need for training to make sure people are aware of what they need to do to protect information.

💡Personal Data

Personal data, as discussed in the video, is any information relating to an identified or identifiable individual. The script explains the importance of understanding what constitutes personal data and the special types of data that an organization might process. It is a fundamental concept in GDPR compliance, as the regulation is designed to protect personal data and ensure that it is handled responsibly.

💡Data Controller

A data controller is an individual or organization that determines the purposes and means of processing personal data. In the video, the script discusses the importance of identifying data controllers and key people within the organization who are responsible for data protection. This is crucial for ensuring that there is clear accountability and understanding of who to contact regarding data issues.

💡Compliance

Compliance in the context of this video means adhering to the rules and regulations set forth by GDPR. It is a primary goal of the training discussed in the script, as the aim is to have employees well-trained to understand and fulfill their obligations under GDPR. The script mentions compliance in relation to training and the importance of having people well-trained to protect personal information.

💡Security

Security in this video script refers to the measures taken to protect personal data from unauthorized access or breaches. It is an integral part of GDPR compliance, and the script highlights the need for employees to be trained on security practices, such as thinking before using and collecting personal information, and complying with security protocols.

💡Data Breach

A data breach is a security incident in which sensitive, protected, or confidential data is accessed, disclosed, or stolen. The script mentions that in the next video, they will be discussing data breaches, indicating the importance of understanding and being prepared for such incidents as part of GDPR compliance and training.

💡Collateral

In the context of the video, collateral refers to the training materials, such as booklets or presentations, provided to attendees during training sessions. The script describes a booklet given out as part of the training activities, which serves as a takeaway to help attendees remember key concepts discussed during the session. This collateral is designed to reinforce the training and provide a reference for employees.

Highlights

Training is crucial for improving GDPR awareness in an organization.

Initial training should be conducted when GDPR comes into force to get everyone up to speed on requirements.

Training should be included as part of the induction process for new employees to ensure they understand their GDPR responsibilities.

Refresher training is necessary when there are changes in systems, locations, or the types of information processed.

GDPR training should cover not just the regulation itself, but also its implications for the organization and employees.

Understanding the organization's information processing and key personnel is essential for effective GDPR compliance.

Training should emphasize employees' contributions to GDPR efforts and their daily responsibilities.

Free presentations and training booklets are provided to help employees understand and retain key GDPR concepts.

The training booklet is a simple, jargon-free resource that attendees can take away and refer to after the session.

The booklet covers the attendees' role in protecting personal data and provides an overview of what personal data is.

Special types of data and the organization's specific data processing needs are discussed in the booklet.

Information about data controllers and key contacts within the organization is included for guidance.

The booklet explains data subject rights and the measures the organization has implemented for GDPR compliance.

Practical advice is provided on using personal devices, clearing personal data, and maintaining data security.

The importance of being cautious when collecting and using personal information is emphasized in the training.

The training concludes with a reminder that people are the biggest risk to data, highlighting the need for well-trained employees.

The presenter offers to provide copies of the training booklet to interested parties.

The next video will discuss data breaches and their implications for GDPR compliance.

Transcripts

00:00 [Music]
00:04 hi I'm Mike Salim welcome back once
00:07 again to our GDPR compliance journey
00:11 videos this time we're talking about
00:13 training and training is a great way of
00:17 improving awareness in your organization
00:19 around gdpr and getting your people
00:23 knowing what they have to do and being
00:24 responsible for what they have to do in
00:27 regards to protecting people's
00:30 information so first let's start by
00:33 saying when you should do the training
00:35 well firstly you should do some training
00:38 now get everybody up to speed on what's
00:40 required as the regulation comes into
00:43 force then you want your people knowing
00:46 what to do secondly you should include
00:49 training as part of your induction
00:51 activities anybody new joining your
00:52 organisation should be aware of their
00:54 responsibilities under the gdpr and
00:57 thirdly you'd want to do training if
00:59 anything changes if you have a change in
01:01 systems or a change in locations or a
01:04 change in the source information you
01:06 process you want to refresh that
01:08 training to make sure people are aware
01:10 of what they need to do so getting it
01:14 done at the right time is important but
01:17 also including the right material we've
01:20 seen a lot of gdpr training which is
01:23 purely focused on telling individuals
01:26 what the regulation is and what it
01:27 includes now yes that's important and
01:30 yes they should understand the
01:31 regulation but there are some other key
01:34 pieces of information that should be
01:36 delivered as part of the training so as
01:38 well as understanding what the gdpr is
01:41 understanding what it means to your
01:44 organization what information you are
01:45 processing who the key people are who
01:48 they should speak to if they've got any
01:51 issues knowing those things about your
01:53 organisation is key and then
01:55 understanding what their contribution is
01:58 what can they do on a daily basis what
02:00 should they do what shouldn't they do to
02:03 help you with your gdpr efforts
02:05 now we deliver various training
02:09 activities there's a free presentation
02:12 on the Gydeline
02:13 website which gives an overview of GDPR
02:15 a link on the screen for you now but
02:19 we also give out training booklets which
02:21 we think is a very useful way of people
02:23 understanding and taking those key
02:26 concepts away with them so gonna give
02:28 you a little look at that now so this is
02:33 one of the pieces of collateral we give
02:34 out as part of our training activities
02:36 it's a simple booklet that attendees can
02:40 take away with them after the session
02:42 and it helps them remember what we've
02:43 talked about and so it's very specific
02:45 then to them it talks about your role in
02:48 protecting personal data so we try and
02:51 stay away from any kind of technical
02:53 terms in this booklet we give an
02:56 overview as to what personal data is and
03:02 then we talk about special types of data
03:03 and understanding what data this
03:08 specific organization might need to
03:10 process we then talked about data
03:16 controllers and key people within the
03:18 organization and discuss who they are
03:20 and who they should contact there's
03:25 information about rights and the
03:27 measures the organization might have put
03:29 in finally from a GDPR perspective
03:34 there's information about technical
03:36 measures but really the key information
03:38 we provide as part of the training is is
03:41 the practical day-to-day help so using
03:45 your own devices making sure that people
03:51 clear personal data from their organized
03:53 devices when they leave the organization
03:55 and just being sensible with them what
03:59 they can do to keep personal data safe
04:01 in terms of understanding the
04:04 arrangements and processes complying
04:06 with security think before using and
04:09 collecting personal information and then
04:12 we really finished with a reminder
04:14 really that people are the biggest risk
04:16 and threat to data
04:19 so the best way of complying with gdpr
04:21 and protecting personal information is
04:24 to have people well-trained so that's
04:31 some ideas and some thoughts on our
04:33 approach to training if you'd like the
04:35 booklets drop us a note we'd be only too
04:39 happy to let you have some copies of
04:40 that and next time we're going to be
04:44 talking about data breach so hope you
04:47 found that useful
04:48 and until next time I hope you find your
04:50 compliance simple

Related Tags
GDPR Training, Data Protection, Compliance Awareness, Organizational Policies, Data Controllers, Employee Induction, Data Security, Regulatory Compliance, Information Privacy, Training Materials, Data Breach Prevention