Last updated: 28.02.18

Overcoming 'GDPR fatigue' with simple, straightforward training

Many people in the business world are likely sick of hearing about GDPR by now - which is why it's essential to keep your message on this vital subject simple, quick and concise.

The saying goes that familiarity breeds contempt, and if that's to be taken as true, then it stands to reason that many people in the business world are probably feeling considerable contempt for the General Data Protection Regulation (GDPR) by now.

Over the last few months, it's become nearly impossible to avoid hearing about the new data protection laws, with the imminent approach of the implementation deadline meaning that companies are under increasing pressure to show they are ready to comply. As a result, many workers and bosses may be feeling a degree of "GDPR fatigue", with the sheer amount of advice being given on the topic leading to a certain degree of confusion, or at least a sense that the topic has become a business buzzword.

This feeling is understandable, but it shouldn't obscure how genuinely important it is to get GDPR right; as such, companies that are sick of hearing about GDPR need to work on a new approach to training and communication that cuts through all the noise and delivers the crucial basics to staff as quickly and effectively as possible.

The most important basics of GDPR

Part of the reason why many firms will be feeling GDPR fatigue is that the legislative document itself is more than 200 pages long, making it hard for non-experts to absorb it in full. This is why learning and development teams should be looking to strip the legislation down to the core elements that are most likely to affect day-to-day operations.

Here are the most pressing aspects of GDPR that your business can't afford to ignore:

  • GDPR is the new EU-wide legal framework governing the use and protection of personal data, replacing now-outdated laws dating back to 1995
  • The new law will come into effect on May 25th 2018, and will apply to all organisations processing or holding personal data on individuals living in the EU
  • Businesses will now need explicit consent to store and use a person's data, including explaining what the data will be used for, and providing access to or deleting that information on request
  • If an organisation suffers a data breach, it will need to inform the relevant supervisory authority within 72 hours of identifying the issue
  • All companies above a certain size will have to appoint a dedicated data protection officer to take responsibility for GDPR compliance
  • Any firm that fails to comply could be hit with a fine of up to €20 million or four per cent of their global annual turnover - whichever is higher
  • The laws will apply to businesses in all parts of the world that hold data on EU citizens, and will continue to apply in the UK regardless of Brexit

Keep your GDPR training practical and engaging

Getting these key points across to your employees in an engaging way can be challenging, particularly if they already feel as though they've been bombarded with information about GDPR already. That's why it's so vital to ensure any training you provide on this subject is quick, simple and to the point.

Here are some key pieces of advice that could deliver better retention, even among the most GDPR-fatigued workforce:

  • Make training sessions short and digestible - most non-specialist IT workers are unlikely to be able to stomach lengthy lectures on data laws, so avoid running sessions that last longer than an hour
  • Adopt a practical focus - droning on about legal hypotheticals and regulatory small print is unlikely to successfully communicate the importance of GDPR to a busy, impatient workforce. Emphasise the real-world implications of GDPR, and explain how it will relate directly to their day-to-day responsibilities
  • Know your audience - Different parts of your workforce should be addressed in different ways - frontline staff are likely to respond better to a broad outline of the overall GDPR principles, while IT departments and board members are likely to appreciate a more detailed-oriented approach
  • Tell staff no more than they need to know - not everyone in your organisation needs to know everything contained in the 200+ pages of the GDPR document. Provide the entire company with an overview of the key elements, and explain the more specific details to the staff who are most likely to have to deal with them

Related resources