In this article Scott Sammons from Lighthouse IG looks to provide the answer to the question, ‘How and when to train staff on Data Protection?’
Personally, I hate online training. I’ve completed my fair share over the years, and even subjected some other people to it. It has its place, but I am not sold on the value of it for generating culture change and really giving staff the skills to manage data.
Staff learn and relate to things through stories and familiarity. So, reading some ‘Jack and Jill’ story about Data Protection just really isn’t going to do the trick. Such annual online training has its value. It certainly does the job for ticking a box to say everyone has been told X. But does it really give staff skills? Are you really going to change attitudes, behaviours, and minds with a 30-minute online course? I doubt it.
Data Protection training, like any training, should be more personal and tailored to the audience. The more ‘hands-on’ someone is with Data – from the techie to the customer service agent – the more a standard off-the-shelf GDPR training course just isn’t going to do it for them.
Data Protection is, after all, more than just a piece of law. It’s a behaviour; a way of working and a way of thinking.
So, why not try tailoring the message to the audience? Training them specifically on how Personal Data is a part of their working life. Upskilling their ability to use and understand technology and the power of data?
From skills for the DPO through to skills of staff, avoid ‘out-of-the-box’ training programmes. Tailor it to your needs, your pressures, and your priorities so that Data Protection really does become more than just a piece of law.
Start with a training needs assessment. Be honest with the technical skills of staff. Create a training programme that delivers a better information and data handling culture instead of a tick box!