Search Our Site

We have 2,946,482 registered online learners.
775 new learners so far today.

Staff Training for GDPR 2018

schedule 1 week, 2 days ago by Emma Brook in Virtual College

Employers talking and training together

The General Data Protection Regulation, better known as GDPR, comes into force in May 2018, it will bring with it the prospect of major changes to the way UK businesses think about and use the data that they collect from individuals.

The EU has brought these laws into force in order to give EU citizens better control over the use of their data which is held by businesses and other non-governmental organisations. As a result, it is fairly broad reaching and complex, which makes it difficult to understand easily, particularly for businesses that are going to have to really pay attention. This is why efficient and effective staff training is crucial for businesses. In this article, we’re going to look at why it’s important, who needs to be trained, what this should cover, and how you can get help.

Virtual College has a free overview course titled ‘An Introduction to GDPR’. It may be very beneficial for those starting the process of becoming GDPR compliant, and those who are individuals or businesses who are not already aware of the basics of what GDPR involves. Click here to find out more about out introduction to GDPR course.

Why It’s Important

Training is hugely important for GDPR because of its complexity, and the new rules that have been introduced. There are very few businesses that were set up to deal with GDPR before it was agreed into law, so most companies will need to make some form of change. If staff are to properly understand those changes and implement new processes, then they need to be trained.

The other major issue is of course that GDPR fines can be very significant indeed, and it is in your interests to stay on the right side of them. It is not known exactly how strict the EU is likely to be at this stage, but it’s simply not worth the risk. If there are members of staff handling people’s data and they don’t understand GDPR, they could well be a risk.

Who Needs Training?

This is a question that only business managers can answer, depending on the nature of the business and the level of awareness of employees. There are, however, guidelines for who needs to be aware of GDPR.

Anyone handling an individual’s data in any way, whether they are looking after customer accounts at a bank or collecting customer emails for marketing purposes, need to be aware of what GDPR is and what it does. If your business involves any of this, then you should have everyone involved undertake at least a basic overview training session. Staff members who are directly responsible for data security will require more substantial training.

What You Need to Cover

Given how extensive the GDPR regulations are, there is a lot to potentially be covered in any training provided to staff. At a minimum, we’d recommend that everyone even tangentially involved to data processing needs to be aware of the following things that GDPR does, and how that affects them:

  • Legal Basis - You now have to have a ‘legal basis’ for collecting and processing an individual’s data
  • Consent - In many cases you must gain a person’s consent to hold information about them, and store a record of this (this includes gaining consent on behalf of children)
  • Subject Access Requests - Individuals have the right to request all of the information that is held about them, and this should be dealt with promptly
  • Right to Erasure - Individuals can also request that their data is erased under a number of legal grounds
  • Reporting - There are now requirements for reporting any data breaches and other Cyber security incidents in a timely fashion, and to the correct authorities

In addition, you will of course need to conduct training on the policies you have implemented in order to adhere to these regulations. It’s not enough to know that individuals can request their information - you need to know how you’re going to service those requests.

How to Get Help

GDPR can clearly be daunting, which is why many businesses are looking for external help. There are of course official publications of the incoming regulations available from the EU itself, but these are hugely complex and can be difficult for those without a legal background to understand. The UK’s Information Commissioner’s Office, which is responsible for looking after people's’ rights when it comes to information on the UK, has published a variety of guidelines that might help.

If you’re in any doubt at all as to whether you have the necessary GDPR knowledge, then you should undertake training. Virtual College can assist your business in staff training, with a range of courses that are dedicated to cyber security and GDPR.


Related resources

Emma Brook - Virtual College

Author: Emma Brook

Emma works in the marketing design team at Virtual College and works on a variety of print and digital design projects. In her spare time she enjoys going to gigs and the theatre.

CPD
Investors
ISO 9001:2015
Microsoft
Crown Commercial Service Supplier

Contact

+44 (0)1943 605 976

info@virtual-college.co.uk

Marsel House

Ilkley, West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.
Live Chat

Click to chat

Login

We launched a new website in February 2017. If you want to go back to a course, or start a course, bought before this date then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.

LMS

You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.