The General Data Protection Regulation (GDPR) came in force on 25 May 2018. One of the main changes after GDPR came in effect is the concern about increased fines imposed by GDPR, which can amount up to 20 million euros or 4% of the annual sales. Penalty enforced for the violation of the GDPR is usually committed by the employees. Thus, it is highly valuable to increase awareness in terms of sensitive data protection law processes amongst employees; and provide them with the necessary knowledge so that they’re able to comply with the new requirements of the GDPR.
Why should employees be trained regularly in data protection?
Almost every organization processes personal data several times a day by using IT systems under Article 4 of the GDPR. This implies, complying with GDPR is essential for organizations in their area of work. The requirements of GDPR have to be met primarily by the employees. Thus, GDPR training is necessary for employees. Also, training employees in data protection law can be easily combined with other teaching contents such as specifications on data security and the company’s secrets, without diluting the boundaries between these two areas. This enables employees to learn how to recognize personal data and separate it from security issues & the company’s secrets. Apart from this, they also develop a particular sensitivity in handling personal data. Only by doing this, holistic compliance with the data protection regulations of the GDPR can be guaranteed by an organization.
What should be taught in the employee’s training course?
Firstly, the basic understanding of personal data, processing and rights & freedoms of natural person should be taught.
Secondly, the most important basic principles of data protection law should be presented. This includes principles of data economy, transparency & information obligations. Furthermore, the guidelines for lawful data processing must be outlined,
And finally, the specifications of data processing as per GDPR in comparison to the previous legal situation should be addressed. Overall, company and industry-specific features must be taken into account.
Since the GDPR is already in force, organizations should take action for GDPR training and train their employees in data protection law. This is not only because of the threats of high GDPR fines but also for the ease by which data protection law training courses can be implemented, providing opportunities to integrate the principles of data security.