The importance in bringing your staff up to speed on GDPR?
Well we have raised a number of areas that need investigating to become GDPR compliant, from technology, process’s, to legalities.
Though all of this effort will come to naught if staff are not given instruction on what to do and why it’s important. The ICO is not only looking at cyber security, but a change in business culture that puts due care for personal data at the heart of each organisation. That means actively avoiding shoving a dry set of procedures down people’s throats and actually enthusing staff on a new way of working that engages them with a more efficient and more effective ways of working to save time and to increase sales.
Staff training by department.
What is required is for a person deeply involved with the change process who can document what procedural changes have taken place. This should provide a framework charting how things were done previously against the changes that have been applied, such as upgraded software, to show the step by step list of improvements. Key elements of the process of documenting the change process will involve updating the data map and the privacy impact assessments. Collectively the documentation will map the before and after scenarios and highlight the tangible improvements and the areas where staff need to be informed of the changes and the new ways of doing things and why they are important.
Training sessions should then be scheduled for each department affected. For some organizations that can present a logistical nightmare where downtime is an issue. Many departments will always need someone available to answer the telephone for example. That may mean breaking training down into smaller groups and scheduling the training over longer periods of time so that positions are all covered. That may mean more quality training, as smaller groups lend themselves to greater interaction. In other situations, an “Awayday” may be more effective so people don’t get distracted by office routines and everybody’s input can be appreciated.
Practice makes perfect.
Thought needs to be given to the contents of such training courses. With a bit of effort and imagination, this need not be a mouthpiece at the front of yet another Powerpoint presentation, but an interactive exercise that engages staff in the whole process. Role plays, games, small group discussions and exercises all give staff an opportunity to contribute to the session and valuable insights might be gleaned in the process.
This should not be seen as a one-off event and refresher courses should be designed during the year. The training would need to be included within induction manuals for new starters and upgraded courses would need to be presented as procedures change in this ever-evolving space.
People not machines.
The whole slant of GDPR is more about how members of staff treat other people’s information. IT systems and upgrades are simply the tools to achieve a desired outcome, but it’s people’s attitudes that are central to the changes needed for GDPR. For those organisations that do not have the expertise in house to provide training in this area, we have legal and IT specialists who can assist and present courses that are tailored to your needs. Please see our Services and FAQ pages for more details.