In honour of the 15th anniversary of Data Protection Day by the Council of Europe and Data Privacy Week by the National Cybersecurity Alliance (NCA), let us talk about data protection.
In May 2018, the European Union (EU) passed the General Data Protection Regulation (GDPR) to place obligations on organisations to be accountable for the data they hold or process on individuals within the EU. For organisations to comply with the regulations, they must demonstrate that they process personal data in compliance with the seven principles of GDPR.
Personal data includes names, addresses, telephone numbers, passport numbers etc. Mishandling personal data through a data breach or a leak could intrude on individual privacy, putting the organisation’s reputation at risk.
So why is data protection training crucial?
Demonstrating technical and organisational measures
To comply with data protection regulations, organisations must demonstrate the technical and organisational measures they have in place to follow the principle of data protection by design and by default.
This includes training employees on data protection, policies and procedures. After all, an organisation’s first line of defence is its people – employees must understand the part they play in reducing the risk that a data breach poses to individual privacy. For example, this includes always double-checking any communication sent to a customer to ensure that it does not accidentally include another customer’s information.
Refreshing data protection training
Throughout the pandemic, employees have mostly worked remotely or in a hybrid manner. While this has been a positive change for work-life balance, maintaining compliance with regulations such as the GDPR has been put on the back burner, leaving organisations at risk of non-compliance.
Refreshing data protection training regularly is key to ensuring employees understand the regulations, what they need to do as part of their role when handling personal data, and how to keep it safe. Refresher training helps to reduce mistakes and improves productivity: employees are more likely to know how to follow the correct data protection procedures, and doing so feels like second nature. Fewer mistakes reduce the likelihood of an organisation being penalised for non-compliance with data protection laws.
Avoiding financial sanctions
Educating employees to behave and complete workplace activities by always conforming to data protection regulations will reduce the likelihood of a data breach and subsequent financial penalties.
According to recent data, in 2021, GDPR fines hit over €1 billion, a drastic jump compared to €171 million in the previous year. In the EU, a total of 412 penalties were issued, with corporate giants such as Amazon and WhatsApp paying the highest price for violating GDPR regulations. The sheer fact that the fines increased significantly over the space of a year demonstrates that not enough is being done to ensure GDPR compliance within organisations.
When an organisation fails to comply with regulations, not only does it risk receiving a large fine from regulatory bodies, such as the Information Commissioner’s Office (ICO), but it’s also at risk of significant reputational damage. Stakeholders in the organisation – employees, suppliers and customers – all want reassurance that their data is safe and secure while in the hands of said company.
If an organisation holds data in the public cloud without password protection and encryption, then the organisation is at fault for failing to keep that data secure. According to Verizon’s Data Breach Investigations Report, in 2020, misconfigurations resulted in 10% of all breaches.
When people find out their personal data was involved in a data breach, they lose faith and trust in the company that leaked that information. Being part of a data breach negatively impacts the company’s reputation and results in a loss of business, as the people affected are unlikely to trust the organisation fully again.
Educating employees with data protection training means they can learn to conform with regulations, whether it’s the EU’s GDPR, the UK GDPR, or the CCPA (California Consumer Privacy Act). Training employees on maintaining compliance is critical, not just for their own sake, but because the organisation’s financial and reputational risk lies in their hands. One slip-up can result in a disastrous breach. So, safeguard data by training employees.
Having completed his degree in Networking & Communications Technologies, Jason Stirland has spent nine years working in eLearning. From starting his career as first-line technical support, Jason has expanded his role to incorporate programming and sales and often hosts consultative software meetings for key clients. Jason has been responsible for developing DeltaNet’s Astute Learning Management System, as well as the organisation’s IT/security infrastructure and software strategy.