The General Data Protection Regulations, as published by the European Union, are 88 pages long—in their English version, at least. They cover technical requirements, jurisdictions, fines, definitions of controllers, processors, natural persons…
Are you feeling overwhelmed yet? Even those of us who geek out on regulations of all kinds, including data security and privacy, can hit our limit. And when that happens—when there’s too much information coming in and it’s hard to figure out what’s relevant to you, right now—your brain can feel like it just shuts down. Learning stops.
Now imagine how your employees must feel.
The most effective training answers this important question: What does the average person need to know about the GDPR? Or, to put a finer point on it: What do your employees need to know to do their jobs?
We believe this comes down to four essential points:
- Understanding what sensitive information is.
- Recognizing when they’re handling sensitive information.
- Knowing the proper way to handle sensitive information (including any specific processes your company has put in place).
- Knowing where to get help.
Trying to train people on more than this could be worse than just extraneous: It could be counterproductive. If your employees hit brain overload, they’re not going to absorb those four vital points. And they may not be thoughtful about how they handle data.
Training your employees on data privacy is required by the GDPR—and it’s just good data security practice. But we believe this training, like all training, should be more than just a response to a legal requirement: It has to be relevant. It has to be clear. It has to be effective.