This is a guest post written by Patrick O’Kane, the author of the great new book, “GDPR – Fix it Fast! Apply GDPR to Your Company in 10 Simple Steps.”  I wrote the Foreword to this book and highly recommend it!

Staff training is a crucial part of protecting data privacy. One recent study found that human error is the leading cause of data breaches, featuring in 37% of data breaches. Providing staff training is an important part of avoiding GDPR fines.

Despite its importance, staff training is perhaps the most under-emphasised part of any GDPR project. Companies have been busy fixing their processes, working on their information security and updating their customer consents; however, there seems to be little attention paid to how staff training will need to be revamped in order to keep your company in line with the requirements of GDPR.

These are my 3 tips on staff training:

Tip 1: Teach all staff the basics on Data Protection

All employees need some basic knowledge of data protection. Sometimes we can get lost in the minutiae of GDPR and can forget that our first line of defense needs clear and simple explanations about their data duties.

Typically general-employee training will include:

Tip 2: Give more detailed training on data protection to the employees that need it

Some staff will need specialty knowledge on the different areas of GDPR. For example:

Tip 3: Make it engaging

With a little bit of preparation, your training can teach people what they need to know in a way that will help them to protect the company.

Patrick O’Kane is a noted data privacy expert and lawyer (barrister). He is the Data Protection Officer for a Fortune 500 US company. He helped lead a major GDPR implementation project across a group of 30 companies, and has written a book on GDPR entitled “GDPR – Fix it Fast.”