STEP 1 – AWARENESS

Employees should be ‘in the know’

It is important that every member of an organisation understands how their role is affected by a regulation and how they can contribute towards complying with it. With the GDPR, we expect that:

– the product development team should know what “privacy by design” means and how to incorporate it into product workflows;
– the marketing team should know when they have a legal right to send emails to customers (and when they don’t);
– IT departments should know what good security looks like;
– HR teams should be ready to respond to requests from individual members of staff in relation to their personal information.

Please note also that:

– If the regulator’s expectations are not met by an organisation then that organisation will not be compliant with data protection law, including the GDPR.
– If your product development team doesn’t understand its responsibilities, non-compliant products will be released which could lead to customer complaints.
– If your marketing team sends out marketing communications to individuals when they have no right to do so, a complaint could be made to the regulator.
– If your IT department does not understand what good security looks like there could be a data breach which has to be notified to the regulator.
– And if your HR team does not respond to an information request from an individual, a claim could be made against your organisation by that individual.

In all these scenarios, there is a risk of bad publicity and huge fines, and it would be a direct result of a failure in staff training.

However, let’s not be too alarmist about all of this. There are very positive reasons to train all your staff in GDPR compliance.
