The short answer: yes. The better question: how do I get GDPR training that is actually useful?
When GDPR was first introduced on May 25, 2018, there was a rush to get trained and become compliant. You can see the data protection panic in the spike of ‘GDPR’ google searches in the last 5 years. However, the training was more box-ticking than applied knowledge.
As confirmed by both the UK’s data protection body, the Information Commissioner’s Office (ICO), and the European Data Protection Board, ongoing GDPR training is a legal requirement. All organisations need to to show that they are taking measurable steps to be compliant.
However since 2018, there have been constant changes to data compliance (including upcoming regulation changes due to Brexit) and a growing knowledge gap on how to follow regulation. The majority of organisations say they find “compliance a challenge“.
The problem? Ongoing training that isn't relatable to employees.
Compliance is easy when you understand how to action it in your daily work, and when your team is empowered by responsibility, not fearful of it. Here are the three question to measure what GDPR training is right for you.
1. Is your training department specific?
Data is not one person’s responsibility. It is the responsibility of everyone who handles customer data, however every team has specific needs. Though there is some crossover, a marketing team uses data in different way to other departments and therefore have different learning requirements.
For example the latest GDPR Privacy Shield changes will largely impact marketing, communication or sales teams. Teams will need to update policies and revise training on how US based third party services including Google Analytics or CRMs including SalesForce are used.
2. Does your training open up data conversations in the team?
Data legislation is changing constantly. It is being influenced by world events including Brexit and lobbying bodies such as the Centre for Humane Technology. If there is no discussion on these changes in meetings or if there has been not one potential data breach reported – it may be due to a lack of understand or a lack of confidence.
Every person on the team who handles customer information has the potential to cause data breaches, and ongoing training should enable them to confidently raise issues.
3. Does your training include checking work that you outsource?
Often there is not enough time or resource, meaning work needs to go to a third party. This may be a digital agency that sets up your cookie banner or social promotions that involve setting up pixel trackers.
However you are still responsible for understanding if the outsourced work is compliant with your customer base’s local data protection laws. If your team cannot test if the work is compliant, you are putting yourself at risk of large fines.
Ongoing GDPR training is a legal requirement but only the proper training will build an ethical team, protect brand reputation and stronger customer relationships.
If you need help on assessing what training is right for you, read more about how to choose data protection training here.