I think we can all agree that most of us are tired of hearing the four-letter acronym G-D-P-R. Let’s face it, GDPR isn’t exactly the most exciting topic and it’s also a topic that you can guarantee your employees will consider to be as dull as dishwater. However, despite perceptions, ensuring understanding of GDPR within your organisation shouldn’t be underestimated. Ultimately, it is a law that will be enforced from May 2018, whether we like it or not.
The question that many of us ask is, “how can we best deal with GDPR?”.
Well, of course there are the endless software solutions that I’m sure you are all inundated with. Indeed, it cannot be argued that a £10,000 software product will definitely not add some value to your organisation. Nonetheless, it is also important to remember that GDPR is more than just an IT issue.
Put simply, it is your employees who deal with any personal data within your organisation. It is also your employees who are responsible for processing your customer’s data. Therefore, it is perhaps no surprise that cyber-criminals recognise your employees to be the weakest link in your organisation’s security, especially as it is reported that over 90% of incidents involve user behaviour, rather than a lack of IT measures.
To help ensure compliance, it only makes sense for you to think about the best way to share best practice and educate employees about their changing and more onerous responsibilities under GDPR.
Although GDPR may seem stressful and dull, training employees to understand GDPR need not be. Besides, training your employees is an extremely cost-effective way in helping your organisation develop a positive security culture generally and towards compliance with the new European privacy law.
There are various ways in which you are able to up-skill your employees, including face-to-face training, classroom learning and e-Learning.
Although all options may have their perks, e-Learning presents your organisation with a more time-efficient solution that is able to reach a large number of employees instantly. Moreover, e-Learning also provides you with an official training record, which is beneficial for auditing purposes.
Regardless, cyber-criminals understand that they are able to bypass your technical defence measures by tricking your employees.
There is a reason as to why 88% of organisations around the world plan to drive employee GDPR behavioural changes through GDPR awareness training for their employees. Is your organisation one of them?
A FEW THINGS TO LOOK OUT FOR WHEN DECIDING ON WHAT EMPLOYEE AWARENESS TRAINING:
- Who has authored the content? Consider whether the provider is appropriate to deliver training on the topics you desire. Do they operate within a specialism or do they provide training in a variety of other areas? Do they have the expertise you’re looking for? Are the qualified to provide this training?
- Is it GCHQ accredited? Accreditations ensure relevance and quality of not only the training content, but also the delivery of the training. GCHQ accreditation means that the training forms part of the National Cyber Security Programme, so should be a “must have” when looking for employee security awareness training.
- How engaging is it? What’s the point of enforcing employee awareness training when it’s going to go into one ear and out of the other? Make sure the content is interactive and engaging, and suited to your organisation.
- Can you understand it? It’s not necessary for training content to be full of jargon and over-complicated terms. Ultimately, content needs to be easy to understand and digestible.